Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 71102 |
1 files changed, 71102 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list new file mode 100644 index 0000000000..06406baf29 --- /dev/null +++ b/data/CVE/2021.list 
@@ -0,0 +1,71102 @@ +CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...) + NOT-FOR-US: PreMiD +CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...) + - libsixel <unfixed> + [bullseye] - libsixel <no-dsa> (Minor issue) + [buster] - libsixel <no-dsa> (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/158 +CVE-2021-4222 + RESERVED +CVE-2021-4221 + RESERVED +CVE-2021-46699 + RESERVED +CVE-2021-4220 + REJECTED +CVE-2021-4219 + RESERVED +CVE-2021-46687 + RESERVED +CVE-2021-46270 + RESERVED +CVE-2021-45730 + RESERVED +CVE-2021-45721 + RESERVED +CVE-2021-45074 + RESERVED +CVE-2021-41834 + RESERVED +CVE-2021-23163 + RESERVED +CVE-2021-22590 + RESERVED +CVE-2021-46681 + RESERVED +CVE-2021-46680 + RESERVED +CVE-2021-46679 + RESERVED +CVE-2021-46678 + RESERVED +CVE-2021-46677 + RESERVED +CVE-2021-46676 + RESERVED +CVE-2021-46675 + RESERVED +CVE-2021-46674 + RESERVED +CVE-2021-46673 + RESERVED +CVE-2021-46672 + RESERVED +CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...) + - atftp 0.7.git20210915-1 (bug #1004974) + [bullseye] - atftp <no-dsa> (Minor issue) + [buster] - atftp <no-dsa> (Minor issue) + [stretch] - atftp <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5) +CVE-2021-46670 + RESERVED +CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25638 +CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...) 
+ - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25787 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...) + - mariadb-10.6 1:10.6.5-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-26350 + NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5 +CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...) + - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25635 + NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2 +CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25636 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25761 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-26351 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...) 
+ - mariadb-10.6 1:10.6.5-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25637 + NOTE: https://jira.mariadb.org/browse/MDEV-22464 + NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5 +CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25766 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-4218 + RESERVED + - linux 5.8.7-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359 + NOTE: Fixed by: https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1) +CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...) + NOT-FOR-US: Signiant Manager+Agents +CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 <removed> + - mariadb-10.3 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25631 + NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2 +CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...) + - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25630 + NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3 +CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...) 
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25629 + NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2 +CVE-2021-4217 [Null pointer dereference in Unicode strings code] + RESERVED + - unzip <unfixed> (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583 + NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 + NOTE: Crash in CLI tool, no security impact +CVE-2021-4216 + RESERVED +CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley +CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Bentley +CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Bentley +CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Bentley +CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley +CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) 
+ NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API +CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) + NOT-FOR-US: Moxa +CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) + NOT-FOR-US: Moxa +CVE-2021-4215 + RESERVED +CVE-2021-4214 + RESERVED + - libpng1.6 <unfixed> (unimportant) + NOTE: https://github.com/glennrp/libpng/issues/302 + NOTE: Crash in CLI package, not shipped in binary packages +CVE-2021-4213 + RESERVED + - jss <unfixed> + [bullseye] - jss <no-dsa> (Minor issue) + [buster] - jss <no-dsa> (Minor issue) + [stretch] - jss <postponed> (revisit when/if fix is complete) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900 + NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 +CVE-2021-4212 + RESERVED +CVE-2021-4211 + RESERVED +CVE-2021-4210 + RESERVED +CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...) + NOT-FOR-US: Issabel +CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...) + NOT-FOR-US: Vicidial +CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46555 + RESERVED +CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46552 + RESERVED +CVE-2021-46551 + RESERVED +CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46536 + RESERVED +CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46533 + RESERVED +CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46517 (There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' fai ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46515 (There is an Assertion `mjs_stack_size(&mjs->scopes) >= scope ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46514 (There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' f ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46511 (There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_co ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46510 (There is an Assertion `s < mjs->owned_strings.buf + mjs->owne ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46508 (There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...) + NOT-FOR-US: Jsish +CVE-2021-46506 (There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in ...) + NOT-FOR-US: Jsish +CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...) + NOT-FOR-US: Jsish +CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...) + NOT-FOR-US: Jsish +CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...) + NOT-FOR-US: Jsish +CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...) + NOT-FOR-US: Jsish +CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...) + NOT-FOR-US: Jsish +CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...) + NOT-FOR-US: Jsish +CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) + NOT-FOR-US: Jsish +CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...) + NOT-FOR-US: Jsish +CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...) + NOT-FOR-US: Jsish +CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...) 
+ NOT-FOR-US: Jsish +CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...) + NOT-FOR-US: Jsish +CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) + NOT-FOR-US: Jsish +CVE-2021-46493 + RESERVED +CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...) + NOT-FOR-US: Jsish +CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...) + NOT-FOR-US: Jsish +CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...) + NOT-FOR-US: Jsish +CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...) + NOT-FOR-US: Jsish +CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) + NOT-FOR-US: Jsish +CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...) + NOT-FOR-US: Jsish +CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) + NOT-FOR-US: Jsish +CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...) + NOT-FOR-US: Jsish +CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...) + NOT-FOR-US: Jsish +CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...) + NOT-FOR-US: Jsish +CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...) + NOT-FOR-US: Jsish +CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...) + NOT-FOR-US: Jsish +CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...) + NOT-FOR-US: Jsish +CVE-2021-46479 + RESERVED +CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...) + NOT-FOR-US: Jsish +CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...) 
+ NOT-FOR-US: Jsish +CVE-2021-46476 + RESERVED +CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...) + NOT-FOR-US: Jsish +CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...) + NOT-FOR-US: Jsish +CVE-2021-46473 + RESERVED +CVE-2021-46472 + RESERVED +CVE-2021-46471 + RESERVED +CVE-2021-46470 + RESERVED +CVE-2021-46469 + RESERVED +CVE-2021-46468 + RESERVED +CVE-2021-46467 + RESERVED +CVE-2021-46466 + RESERVED +CVE-2021-46465 + RESERVED +CVE-2021-46464 + RESERVED +CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...) + NOT-FOR-US: njs +CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...) + NOT-FOR-US: njs +CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...) + NOT-FOR-US: njs +CVE-2021-46460 + RESERVED +CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...) + NOT-FOR-US: Victor CMS +CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: Victor CMS +CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-46450 + RESERVED +CVE-2021-46449 + RESERVED +CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46443 + RESERVED +CVE-2021-46442 + RESERVED +CVE-2021-46441 + RESERVED +CVE-2021-46440 + RESERVED +CVE-2021-46439 + RESERVED +CVE-2021-46438 + RESERVED +CVE-2021-46437 + RESERVED +CVE-2021-46436 + RESERVED +CVE-2021-46435 + RESERVED +CVE-2021-46434 + RESERVED +CVE-2021-46433 + RESERVED +CVE-2021-46432 + RESERVED +CVE-2021-46431 + RESERVED +CVE-2021-46430 + RESERVED +CVE-2021-46429 + RESERVED +CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-46426 + RESERVED +CVE-2021-46425 + RESERVED +CVE-2021-46424 + RESERVED +CVE-2021-46423 + RESERVED +CVE-2021-46422 + RESERVED +CVE-2021-46421 + RESERVED +CVE-2021-46420 + RESERVED +CVE-2021-46419 + RESERVED +CVE-2021-46418 + RESERVED +CVE-2021-46417 + RESERVED +CVE-2021-46416 + RESERVED +CVE-2021-46415 + RESERVED +CVE-2021-46414 + RESERVED +CVE-2021-46413 + RESERVED +CVE-2021-46412 + RESERVED +CVE-2021-46411 + RESERVED +CVE-2021-46410 + RESERVED +CVE-2021-46409 + RESERVED +CVE-2021-46408 + RESERVED +CVE-2021-46407 + RESERVED +CVE-2021-46406 + RESERVED +CVE-2021-46405 + RESERVED +CVE-2021-46404 + RESERVED +CVE-2021-4209 + RESERVED +CVE-2021-46403 + RESERVED +CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46402 + RESERVED +CVE-2021-46401 + RESERVED +CVE-2021-46400 + RESERVED +CVE-2021-46399 + RESERVED +CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser < ...) + NOT-FOR-US: FileBrowser +CVE-2021-46397 + RESERVED +CVE-2021-46396 + RESERVED +CVE-2021-46395 + RESERVED +CVE-2021-46394 + RESERVED +CVE-2021-46393 + RESERVED +CVE-2021-46392 + RESERVED +CVE-2021-46391 + RESERVED +CVE-2021-46390 + RESERVED +CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) + NOT-FOR-US: IIPImage High Resolution Streaming Image Server +CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...) + NOT-FOR-US: WAGO +CVE-2021-46387 + RESERVED +CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...) + NOT-FOR-US: MCMS +CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...) + NOT-FOR-US: MCMS +CVE-2021-46384 + RESERVED +CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL In ...) 
+ NOT-FOR-US: MCMS +CVE-2021-46382 + RESERVED +CVE-2021-46381 + RESERVED +CVE-2021-46380 + RESERVED +CVE-2021-46379 + RESERVED +CVE-2021-46378 + RESERVED +CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...) + NOT-FOR-US: cszcms +CVE-2021-46376 + RESERVED +CVE-2021-46375 + RESERVED +CVE-2021-46374 + RESERVED +CVE-2021-46373 + RESERVED +CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. Wh ...) + NOT-FOR-US: Scoold +CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...) + NOT-FOR-US: antd-admin +CVE-2021-46370 + RESERVED +CVE-2021-46369 + RESERVED +CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...) + NOT-FOR-US: TRIGONE Remote System Monitor +CVE-2021-46367 + RESERVED +CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...) + NOT-FOR-US: Composr-CMS +CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) + NOT-FOR-US: FISCO-BCOS +CVE-2021-46358 + RESERVED +CVE-2021-46357 + RESERVED +CVE-2021-46356 + RESERVED +CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...) 
+ NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server) +CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...) + NOT-FOR-US: Thinfinity VirtualUI +CVE-2021-46353 + RESERVED +CVE-2021-46352 + RESERVED +CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940 +CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936 +CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...) + - iotjs <unfixed> (bug #1004288) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937 +CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...) + - iotjs <unfixed> (bug #1004288) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941 +CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938 +CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...) 
+ - iotjs <unfixed> (bug #1004288) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939 +CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920 +CVE-2021-46344 (There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' fa ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928 +CVE-2021-46343 (There is an Assertion 'context_p->token.type == LEXER_LITERAL' fail ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921 +CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934 +CVE-2021-46341 + RESERVED +CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY ...) + - iotjs <unfixed> (bug #1004288) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924 +CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...) 
+ - iotjs <undetermined> + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935 +CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...) + - iotjs <unfixed> (bug #1004288) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900 +CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930 +CVE-2021-46336 (There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...) + - iotjs <not-affected> (Vulnerable code not yet introduced) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927 +CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...) 
+ NOT-FOR-US: Moddable SDK +CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...) + NOT-FOR-US: Moddable SDK +CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...) + NOT-FOR-US: Espruino +CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...) + NOT-FOR-US: Espruino +CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...) + NOT-FOR-US: Espruino +CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...) + NOT-FOR-US: Duktape +CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked se ...) + NOT-FOR-US: OpenZeppelin +CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...) + NOT-FOR-US: Dlink DIR-846 Router +CVE-2021-46318 + RESERVED +CVE-2021-46317 + RESERVED +CVE-2021-46316 + RESERVED +CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...) + NOT-FOR-US: D-Link +CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...) + NOT-FOR-US: D-Link +CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2039 + NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba +CVE-2021-46312 + RESERVED +CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2038 + NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 +CVE-2021-46310 + RESERVED +CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) + NOT-FOR-US: Projectworlds Online Examination System +CVE-2021-46306 + RESERVED +CVE-2021-46305 + RESERVED +CVE-2021-46304 + RESERVED +CVE-2021-46303 + RESERVED +CVE-2021-46302 + RESERVED +CVE-2021-46301 + RESERVED +CVE-2021-46300 + RESERVED +CVE-2021-46299 + RESERVED +CVE-2021-46298 + RESERVED +CVE-2021-46297 + RESERVED +CVE-2021-46296 + RESERVED +CVE-2021-46295 + RESERVED +CVE-2021-46294 + RESERVED +CVE-2021-46293 + RESERVED +CVE-2021-46292 + RESERVED +CVE-2021-46291 + RESERVED +CVE-2021-46290 + RESERVED +CVE-2021-46289 + RESERVED +CVE-2021-46288 + RESERVED +CVE-2021-46287 + RESERVED +CVE-2021-46286 + RESERVED +CVE-2021-46285 + RESERVED +CVE-2021-46284 + RESERVED +CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44760 + RESERVED +CVE-2021-4207 + RESERVED +CVE-2021-4206 + RESERVED +CVE-2021-4205 + RESERVED +CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...) + NOT-FOR-US: WordPress plugin +CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23209 + RESERVED +CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23150 + RESERVED +CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7) +CVE-2021-4204 [eBPF Improper Input Validation Vulnerability] + RESERVED + - linux <unfixed> + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4 +CVE-2021-46269 + RESERVED +CVE-2021-46268 + RESERVED +CVE-2021-46267 + RESERVED +CVE-2021-46266 + RESERVED +CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46261 + RESERVED +CVE-2021-46260 + RESERVED +CVE-2021-46259 + RESERVED +CVE-2021-46258 + RESERVED +CVE-2021-46257 + RESERVED +CVE-2021-46256 + RESERVED +CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...) + NOT-FOR-US: eyouCMS +CVE-2021-46254 + RESERVED +CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...) 
+ NOT-FOR-US: Anchor CMS +CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...) + NOT-FOR-US: scratch-confirmaccount-v3 +CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-46248 + RESERVED +CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...) + NOT-FOR-US: ASUS +CVE-2021-46246 + RESERVED +CVE-2021-46245 + RESERVED +CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1327 + NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm +CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1326 + NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69 +CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1329 + NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf +CVE-2021-46241 + RESERVED +CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2028 + NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d +CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2026 + NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4 +CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2027 + NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf +CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2033 + NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00 +CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2024 + NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d +CVE-2021-46235 + RESERVED +CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2023 + NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5 +CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) 
+ NOT-FOR-US: D-Link +CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...) + NOT-FOR-US: libMeshb +CVE-2021-46224 + RESERVED +CVE-2021-46223 + RESERVED +CVE-2021-46222 + RESERVED +CVE-2021-46221 + RESERVED +CVE-2021-46220 + RESERVED +CVE-2021-46219 + RESERVED +CVE-2021-46218 + RESERVED +CVE-2021-46217 + RESERVED +CVE-2021-46216 + RESERVED +CVE-2021-46215 + RESERVED +CVE-2021-46214 + RESERVED +CVE-2021-46213 + RESERVED +CVE-2021-46212 + RESERVED +CVE-2021-46211 + RESERVED +CVE-2021-46210 + RESERVED +CVE-2021-46209 + RESERVED +CVE-2021-46208 + RESERVED +CVE-2021-46207 + RESERVED +CVE-2021-46206 + RESERVED +CVE-2021-46205 + RESERVED +CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...) + NOT-FOR-US: taocms +CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...) + NOT-FOR-US: taocms +CVE-2021-46202 + RESERVED +CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) + NOT-FOR-US: Sourcecodester Online Resort Management System +CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46199 + RESERVED +CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-46197 + RESERVED +CVE-2021-46196 + RESERVED +CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...) + - binutils <unfixed> (unimportant) + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 + NOTE: binutils not covered by security support +CVE-2021-46194 + RESERVED +CVE-2021-46193 + RESERVED +CVE-2021-46192 + RESERVED +CVE-2021-46191 + RESERVED +CVE-2021-46190 + RESERVED +CVE-2021-46189 + RESERVED +CVE-2021-46188 + RESERVED +CVE-2021-46187 + RESERVED +CVE-2021-46186 + RESERVED +CVE-2021-46185 + RESERVED +CVE-2021-46184 + RESERVED +CVE-2021-46183 + RESERVED +CVE-2021-46182 + RESERVED +CVE-2021-46181 + RESERVED +CVE-2021-46180 + RESERVED +CVE-2021-46179 + RESERVED +CVE-2021-46178 + RESERVED +CVE-2021-46177 + RESERVED +CVE-2021-46176 + RESERVED +CVE-2021-46175 + RESERVED +CVE-2021-46174 + RESERVED +CVE-2021-46173 + RESERVED +CVE-2021-46172 + RESERVED +CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...) + NOT-FOR-US: Modex +CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...) + - iotjs <unfixed> + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d +CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...) + NOT-FOR-US: Modex +CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...) + NOT-FOR-US: Spin +CVE-2021-46167 + RESERVED +CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...) 
+ NOT-FOR-US: Lens +CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses] + RESERVED + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [stretch] - linux 4.9.290-1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230 + NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4) +CVE-2021-4202 + RESERVED + - linux 5.15.5-1 (unimportant) + [bullseye] - linux 5.10.84-1 + NOTE: CONFIG_NFC_NCI not enabled in Debian +CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...) + NOT-FOR-US: Mirantis Container Runtime +CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...) + NOT-FOR-US: Lens +CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...) + NOT-FOR-US: Kentico Xperience CMS +CVE-2021-46162 + RESERVED +CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) 
+ NOT-FOR-US: Siemens +CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension UniversalLanguageSelector +CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension SecurePoll +CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension MassEditRegex +CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension WikiBaseMediainfo +CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...) + NOT-FOR-US: ForgeRock +CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...) + NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles +CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 + NOTE: https://github.com/libexpat/libexpat/issues/532 + NOTE: https://github.com/libexpat/libexpat/pull/538 + NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3) +CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. 
It performs invalid ...) + {DSA-5063-1 DLA-2883-1} + - uriparser 0.9.6+dfsg-1 + NOTE: https://github.com/uriparser/uriparser/issues/122 + NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/pull/124 +CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...) + {DSA-5063-1 DLA-2883-2 DLA-2883-1} + - uriparser 0.9.6+dfsg-1 + NOTE: https://github.com/uriparser/uriparser/issues/121 + NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/pull/124 +CVE-2021-4200 + RESERVED +CVE-2021-46140 + RESERVED +CVE-2021-46139 + RESERVED +CVE-2021-46138 + RESERVED +CVE-2021-46137 + RESERVED +CVE-2021-46136 + RESERVED +CVE-2021-46135 + RESERVED +CVE-2021-46134 + RESERVED +CVE-2021-46133 + RESERVED +CVE-2021-46132 + RESERVED +CVE-2021-46131 + RESERVED +CVE-2021-45722 + RESERVED +CVE-2021-45110 + RESERVED +CVE-2021-45073 + RESERVED +CVE-2021-44778 + RESERVED +CVE-2021-44468 + RESERVED +CVE-2021-44456 + RESERVED +CVE-2021-44452 + RESERVED +CVE-2021-43352 + RESERVED +CVE-2021-4199 + RESERVED +CVE-2021-4198 + RESERVED +CVE-2021-31564 + RESERVED +CVE-2021-23229 + RESERVED +CVE-2021-46130 + RESERVED +CVE-2021-46129 + RESERVED +CVE-2021-46128 + RESERVED +CVE-2021-46127 + RESERVED +CVE-2021-46126 + RESERVED +CVE-2021-46125 + RESERVED +CVE-2021-46124 + RESERVED +CVE-2021-46123 + RESERVED +CVE-2021-46122 + RESERVED +CVE-2021-46121 + RESERVED +CVE-2021-46120 + RESERVED +CVE-2021-46119 + RESERVED +CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) + NOT-FOR-US: jpress +CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) 
+ NOT-FOR-US: jpress +CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...) + NOT-FOR-US: jpress +CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...) + NOT-FOR-US: jpress +CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...) + NOT-FOR-US: jpress +CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...) + NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source +CVE-2021-46112 + RESERVED +CVE-2021-46111 + RESERVED +CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...) + NOT-FOR-US: Online Shopping Portal +CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) + NOT-FOR-US: ASUS +CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) + NOT-FOR-US: D-Link +CVE-2021-46107 + RESERVED +CVE-2021-46106 + RESERVED +CVE-2021-46105 + RESERVED +CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...) + NOT-FOR-US: webp_server_go +CVE-2021-46103 + RESERVED +CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...) + NOT-FOR-US: Solana rBBP +CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...) + NOT-FOR-US: Git for Windows +CVE-2021-46100 + RESERVED +CVE-2021-46099 + RESERVED +CVE-2021-46098 + RESERVED +CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...) + NOT-FOR-US: Dolphinphp +CVE-2021-46096 + RESERVED +CVE-2021-46095 + RESERVED +CVE-2021-46094 + RESERVED +CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...) + NOT-FOR-US: eliteCMS +CVE-2021-46092 + RESERVED +CVE-2021-46091 + RESERVED +CVE-2021-46090 + RESERVED +CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...) 
+ NOT-FOR-US: JeecgBoot +CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...) + - zabbix <undetermined> + NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely + NOTE: https://github.com/paalbra/zabbix-zbxsec-7 + NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command + NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions +CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...) + NOT-FOR-US: jfinal_cms +CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...) + NOT-FOR-US: xzs-mysql +CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...) + NOT-FOR-US: OneBlog +CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: uscat +CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: uscat +CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...) + NOT-FOR-US: Moxa +CVE-2021-46081 + RESERVED +CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46077 + RESERVED +CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...) 
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46066 + RESERVED +CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46064 + RESERVED +CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...) + NOT-FOR-US: MCMS +CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...) + NOT-FOR-US: MCMS +CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-46060 + REJECTED +CVE-2021-46059 + REJECTED +CVE-2021-46058 + REJECTED +CVE-2021-46057 + RESERVED +CVE-2021-46056 + RESERVED +CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4413 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4410 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4392 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4411 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2011 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4391 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...) 
+ - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2013 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen <unfixed> (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4412 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2008 + NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd +CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2005 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2007 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2006 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...) 
+ - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2001 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2002 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2004 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2003 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1999 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/2000 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f +CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...) 
+ NOT-FOR-US: MCMS +CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...) + NOT-FOR-US: MCMS +CVE-2021-46035 + RESERVED +CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) + NOT-FOR-US: ForestBlog +CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...) + NOT-FOR-US: ForestBlog +CVE-2021-46032 + RESERVED +CVE-2021-46031 + RESERVED +CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...) + NOT-FOR-US: JavaQuarkBBS +CVE-2021-46029 + RESERVED +CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background a ...) + NOT-FOR-US: mblog +CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...) + NOT-FOR-US: mysiteforme +CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...) + NOT-FOR-US: mysiteforme +CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2 ...) + NOT-FOR-US: OneBlog +CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...) + NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php +CVE-2021-46023 + RESERVED +CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...) + - recutils <unfixed> (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html + NOTE: Negligible security impact +CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...) + - recutils <unfixed> (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html + NOTE: Negligible security impact +CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...) 
+ - mruby <unfixed> + [bullseye] - mruby <no-dsa> (Minor issue) + [buster] - mruby <no-dsa> (Minor issue) + [stretch] - mruby <postponed> (revisit when/if fix is complete) + NOTE: https://github.com/mruby/mruby/issues/5613 +CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...) + - recutils <unfixed> (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html + NOTE: Negligible security impact +CVE-2021-46018 + RESERVED +CVE-2021-46017 + RESERVED +CVE-2021-46016 + RESERVED +CVE-2021-46015 + RESERVED +CVE-2021-46014 + RESERVED +CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46012 + REJECTED +CVE-2021-46011 + RESERVED +CVE-2021-46010 + RESERVED +CVE-2021-46009 + RESERVED +CVE-2021-46008 + RESERVED +CVE-2021-46007 + RESERVED +CVE-2021-46006 + RESERVED +CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46004 + RESERVED +CVE-2021-46003 + RESERVED +CVE-2021-46002 + RESERVED +CVE-2021-46001 + RESERVED +CVE-2021-46000 + RESERVED +CVE-2021-45999 + RESERVED +CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...) + NOT-FOR-US: D-Link +CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) 
+ NOT-FOR-US: Tenda routers +CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45985 + RESERVED +CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks] + RESERVED + - linux 5.15.15-1 + NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/ + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652 +CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...) + {DSA-5037-1 DLA-2878-1} + - roundcube <unfixed> (bug #1003027) + NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2) + NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13) + NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released + NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released +CVE-2021-45984 + RESERVED +CVE-2021-45983 + RESERVED +CVE-2021-45982 + RESERVED +CVE-2021-45981 + RESERVED +CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + NOT-FOR-US: Foxit +CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) 
+ NOT-FOR-US: Foxit +CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + NOT-FOR-US: Foxit +CVE-2021-45977 + RESERVED +CVE-2021-45976 + RESERVED +CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...) + NOT-FOR-US: Acer +CVE-2021-45974 + RESERVED +CVE-2021-45973 + RESERVED +CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...) + - giftrans <unfixed> (bug #1002739; unimportant) + NOTE: Negligible security impact; crash in CLI tool +CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...) + NOT-FOR-US: Insyde +CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...) + NOT-FOR-US: Insyde +CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) + NOT-FOR-US: Insyde +CVE-2021-45968 + RESERVED +CVE-2021-45967 + RESERVED +CVE-2021-45966 + RESERVED +CVE-2021-45965 + RESERVED +CVE-2021-45964 + RESERVED +CVE-2021-45963 + RESERVED +CVE-2021-45962 + RESERVED +CVE-2021-45961 + RESERVED +CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1002994) + NOTE: https://github.com/libexpat/libexpat/issues/531 + NOTE: https://github.com/libexpat/libexpat/pull/534 + NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3) +CVE-2021-45959 + REJECTED +CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...) + - ujson <unfixed> (bug #1005140) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 + NOTE: https://github.com/ultrajson/ultrajson/issues/501 + NOTE: https://github.com/ultrajson/ultrajson/issues/502 +CVE-2021-45957 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ...) 
+ - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45956 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_ ...) + - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45955 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize ...) + - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45954 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...) + - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45953 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...) + - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45952 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_r ...) 
+ - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45951 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_ ...) + - dnsmasq <unfixed> (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) + - libredwg <itp> (bug #595191) +CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) + {DSA-5038-1 DLA-2879-1} + - ghostscript 9.55.0~dfsg-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...) + - assimp 5.1.1~ds0-1 + [bullseye] - assimp <not-affected> (Vulnerable code not present) + [buster] - assimp <not-affected> (Vulnerable code not present) + [stretch] - assimp <not-affected> (M3D format support not present) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml + NOTE: https://github.com/assimp/assimp/pull/4146 + NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0) + NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1) +CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...) 
+ NOT-FOR-US: wasm3 +CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) + NOT-FOR-US: wasm3 +CVE-2021-45945 + REJECTED +CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) + {DSA-5038-1 DLA-2879-1} + - ghostscript 9.54.0~dfsg-5 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25 +CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...) + {DLA-2877-1} + [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1 + - gdal <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 + NOTE: https://github.com/OSGeo/gdal/pull/4944 + NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master) + NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947 + NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1) + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml +CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...) + - openexr <unfixed> + [buster] - openexr <no-dsa> (Minor issue) + [stretch] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209 +CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...) 
+ - libbpf <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml + TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started +CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...) + - libbpf <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml + TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started +CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + NOT-FOR-US: uWebSockets +CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...) + - libgrokj2k <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021 + NOTE: Referenced fix isn't in the upstream repo +CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...) + NOT-FOR-US: wolfMQTT +CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...) 
+ - harfbuzz <undetermined> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml + NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1) + TODO: check correctness of commit, might not affect any Debian released version +CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...) + {DLA-2895-1 DLA-2885-1} + - qtsvg-opensource-src 5.15.2-4 (bug #1002991) + [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue) + [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) + - qt4-x11 <removed> + [buster] - qt4-x11 <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml + NOTE: https://bugreports.qt.io/browse/QTBUG-96044 + NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev) + NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2) + NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12) +CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) + NOT-FOR-US: wasm3 +CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...) 
+ - jpeg-xl <not-affected> (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456 + NOTE: https://github.com/libjxl/libjxl/issues/360 + NOTE: https://github.com/libjxl/libjxl/pull/365 + NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6) + NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6) +CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) + - mdbtools <undetermined> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187 + TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? +CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...) + - mdbtools <undetermined> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 + TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52? +CVE-2021-4196 + RESERVED +CVE-2021-4195 + RESERVED +CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...) + NOT-FOR-US: Netgear +CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...) + NOT-FOR-US: Netgear +CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...) + NOT-FOR-US: Bitmask Riseup VPN +CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...) + NOT-FOR-US: bookstack +CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 + NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950) +CVE-2021-4192 (vim is vulnerable to Use After Free ...) 
+ - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 + NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949) +CVE-2021-4191 + RESERVED +CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...) + NOT-FOR-US: Netgear +CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...) + NOT-FOR-US: Studio 42 elFinder +CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...) + - wireshark <unfixed> + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811 +CVE-2021-4189 [ftplib should not use the host from the PASV response] + RESERVED + {DLA-2919-1} + - python3.10 <not-affected> (Fixed before initial upload to Debian unstable) + - python3.9 3.9.7-1 + [bullseye] - python3.9 <no-dsa> (Minor issue) + - python3.7 <removed> + [buster] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + [stretch] - python3.5 <no-dsa> (Minor issue) + - python2.7 <unfixed> + [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) + [buster] - python2.7 <no-dsa> (Minor issue) + NOTE: https://bugs.python.org/issue43285 + NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master) + NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3) + NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11) + NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020 +CVE-2021-45918 + 
RESERVED +CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...) + NOT-FOR-US: Shockwall system +CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...) + NOT-FOR-US: Shockwall system +CVE-2021-45915 + RESERVED +CVE-2021-45914 + RESERVED +CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...) + - mruby <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 + NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8 +CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...) + NOT-FOR-US: ControlUp Real-Time Agent +CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...) + NOT-FOR-US: ControlUp Real-Time Agent +CVE-2021-44775 + RESERVED +CVE-2021-44465 + RESERVED +CVE-2021-4187 (vim is vulnerable to Use After Free ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <not-affected> (Vulnerable code introduced later) + [stretch] - vim <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e + NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695) + NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923) +CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) + - gif2apng <removed> (bug #1002687) +CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) + - gif2apng <removed> (bug #1002667) +CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...) + - gif2apng <removed> (bug #1002668) +CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...) 
+ - gif2apng <removed> (bug #1002669; unimportant) + NOTE: Negligible security impact +CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...) + - gif2apng <removed> (bug #1002669; unimportant) + NOTE: Negligible security impact +CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...) + NOT-FOR-US: OpenWrt +CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...) + NOT-FOR-US: OpenWrt +CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...) + NOT-FOR-US: OpenWrt +CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...) + NOT-FOR-US: SuiteCRM +CVE-2021-45902 + RESERVED +CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...) + NOT-FOR-US: ServiceNow Orlando +CVE-2021-45900 + RESERVED +CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...) + NOT-FOR-US: SuiteCRM +CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...) + NOT-FOR-US: SuiteCRM +CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...) + NOT-FOR-US: SuiteCRM +CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...) + NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices +CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...) + NOT-FOR-US: Netgen Tags Bundle +CVE-2021-45894 + RESERVED +CVE-2021-45893 + RESERVED +CVE-2021-45892 + RESERVED +CVE-2021-45891 + RESERVED +CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...) + NOT-FOR-US: AuthGuard +CVE-2021-45889 + RESERVED +CVE-2021-45888 + RESERVED +CVE-2021-45887 + RESERVED +CVE-2021-45886 + RESERVED +CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...) 
+ NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...) + - wireshark 3.6.0-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737 +CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...) + - wireshark 3.6.2-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745 +CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...) + - wireshark 3.6.2-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754 +CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...) + - wireshark 3.6.2-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755 +CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...) 
+ - wireshark 3.6.2-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801 +CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...) + - wireshark 3.6.2-1 + [bullseye] - wireshark <no-dsa> (Minor issue) + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429 +CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...) + - brave-browser <itp> (bug #864795) +CVE-2021-45883 + RESERVED +CVE-2021-45882 + RESERVED +CVE-2021-45881 + RESERVED +CVE-2021-45880 + RESERVED +CVE-2021-45879 + RESERVED +CVE-2021-45878 + RESERVED +CVE-2021-45877 + RESERVED +CVE-2021-45876 + RESERVED +CVE-2021-45875 + RESERVED +CVE-2021-45874 + RESERVED +CVE-2021-45873 + RESERVED +CVE-2021-45872 + RESERVED +CVE-2021-45871 + RESERVED +CVE-2021-45870 + RESERVED +CVE-2021-45869 + RESERVED +CVE-2021-45868 + RESERVED +CVE-2021-45867 + RESERVED +CVE-2021-45866 + RESERVED +CVE-2021-45865 + RESERVED +CVE-2021-45864 + RESERVED +CVE-2021-45863 + RESERVED +CVE-2021-45862 + RESERVED +CVE-2021-45861 + RESERVED +CVE-2021-45860 + RESERVED +CVE-2021-45859 + RESERVED +CVE-2021-45858 + RESERVED +CVE-2021-45857 + RESERVED +CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...) + NOT-FOR-US: Accu-Time Systems MAXIMUS +CVE-2021-45855 + RESERVED +CVE-2021-45854 + RESERVED +CVE-2021-45853 + RESERVED +CVE-2021-45852 + RESERVED +CVE-2021-45851 + RESERVED +CVE-2021-45850 + RESERVED +CVE-2021-45849 + RESERVED +CVE-2021-45848 + RESERVED +CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...) 
+ - slic3r <unfixed> + NOTE: https://github.com/slic3r/Slic3r/issues/5118 + NOTE: https://github.com/slic3r/Slic3r/issues/5119 + NOTE: https://github.com/slic3r/Slic3r/issues/5120 +CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...) + - slic3r <unfixed> + NOTE: https://github.com/slic3r/Slic3r/issues/5117 +CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...) + - freecad <unfixed> + [stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17) + NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306 + NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406 + NOTE: https://tracker.freecad.org/view.php?id=4810 +CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...) + - freecad <unfixed> (bug #1005747) + NOTE: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (0.20) + NOTE: https://tracker.freecad.org/view.php?id=4809 +CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...) + NOT-FOR-US: glFusion CMS +CVE-2021-45842 + RESERVED +CVE-2021-45841 + RESERVED +CVE-2021-45840 + RESERVED +CVE-2021-45839 + RESERVED +CVE-2021-45838 + RESERVED +CVE-2021-45837 + RESERVED +CVE-2021-45836 + RESERVED +CVE-2021-45835 + RESERVED +CVE-2021-45834 + RESERVED +CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1313 + NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79 +CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1315 + NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8 +CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1990 + NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 +CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1314 + NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2 +CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...) + - hdf5 <undetermined> + NOTE: https://github.com/HDFGroup/hdf5/issues/1317 + NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g +CVE-2021-45828 + RESERVED +CVE-2021-45827 + RESERVED +CVE-2021-45826 + RESERVED +CVE-2021-45825 + RESERVED +CVE-2021-45824 + RESERVED +CVE-2021-45823 + RESERVED +CVE-2021-45822 + RESERVED +CVE-2021-45821 + RESERVED +CVE-2021-45820 + RESERVED +CVE-2021-45819 + RESERVED +CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...) + NOT-FOR-US: SAFARI Montage +CVE-2021-45817 + REJECTED +CVE-2021-45816 + RESERVED +CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...) + NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20 +CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...) + NOT-FOR-US: Nettmp NNT +CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...) + NOT-FOR-US: SLICAN WebCTI +CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...) + NOT-FOR-US: NUUO Network Video Recorder NVRsolo +CVE-2021-45811 + RESERVED +CVE-2021-45810 + RESERVED +CVE-2021-45809 + RESERVED +CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...) + NOT-FOR-US: jpress +CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...) + NOT-FOR-US: jpress +CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...) 
+ NOT-FOR-US: jpress +CVE-2021-45805 + RESERVED +CVE-2021-45804 + RESERVED +CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...) + NOT-FOR-US: MartDevelopers iResturant +CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...) + NOT-FOR-US: MartDevelopers iResturant +CVE-2021-45801 + RESERVED +CVE-2021-45800 + RESERVED +CVE-2021-45799 + RESERVED +CVE-2021-45798 + RESERVED +CVE-2021-45797 + RESERVED +CVE-2021-45796 + RESERVED +CVE-2021-45795 + RESERVED +CVE-2021-45794 + RESERVED +CVE-2021-45793 + RESERVED +CVE-2021-45792 + RESERVED +CVE-2021-45791 + RESERVED +CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...) + NOT-FOR-US: Metersphere +CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...) + NOT-FOR-US: Metersphere +CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...) + NOT-FOR-US: Metersphere +CVE-2021-45787 + RESERVED +CVE-2021-45786 + RESERVED +CVE-2021-45785 + RESERVED +CVE-2021-45784 + RESERVED +CVE-2021-45783 + RESERVED +CVE-2021-45782 + REJECTED +CVE-2021-45781 + REJECTED +CVE-2021-45780 + REJECTED +CVE-2021-45779 + REJECTED +CVE-2021-45778 + REJECTED +CVE-2021-45777 + RESERVED +CVE-2021-45776 + RESERVED +CVE-2021-45775 + REJECTED +CVE-2021-45774 + REJECTED +CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...) + NOT-FOR-US: lib60870 +CVE-2021-45772 + RESERVED +CVE-2021-45771 + RESERVED +CVE-2021-45770 + RESERVED +CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...) + NOT-FOR-US: libiec61850 +CVE-2021-45768 + RESERVED +CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1982 + NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde +CVE-2021-45766 + RESERVED +CVE-2021-45765 + RESERVED +CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1971 + NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb +CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1974 + NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec +CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1978 + NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 +CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...) + NOT-FOR-US: ROPium +CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1966 + NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea +CVE-2021-45759 + RESERVED +CVE-2021-45758 + RESERVED +CVE-2021-45757 + RESERVED +CVE-2021-45756 + RESERVED +CVE-2021-45755 + RESERVED +CVE-2021-45754 + RESERVED +CVE-2021-45753 + RESERVED +CVE-2021-45752 + RESERVED +CVE-2021-45751 + RESERVED +CVE-2021-45750 + RESERVED +CVE-2021-45749 + RESERVED +CVE-2021-45748 + RESERVED +CVE-2021-45747 + RESERVED +CVE-2021-45746 + RESERVED +CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...) + NOT-FOR-US: Bludit +CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...) 
+ NOT-FOR-US: Bludit +CVE-2021-45743 + RESERVED +CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2021-4180 + RESERVED + - tripleo-heat-templates <removed> + NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397 +CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...) + NOT-FOR-US: Rust crate lru +CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) 
+ NOT-FOR-US: Rust crate rusqlite +CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...) + NOT-FOR-US: Rust crate rust-embed +CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...) + NOT-FOR-US: Rust crate simple_asn1 +CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...) + - rust-tokio <unfixed> + [bullseye] - rust-tokio <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html + NOTE: https://github.com/tokio-rs/tokio/issues/4225 +CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...) + NOT-FOR-US: Rust crate crypto2 +CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...) + NOT-FOR-US: Rust crate abomonation +CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before ...) + - rust-nix 0.23.0-1 + [bullseye] - rust-nix <no-dsa> (Minor issue) + [buster] - rust-nix <not-affected> (Introduced in 0.16) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html +CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...) + NOT-FOR-US: Rust crate zeroize_derive +CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...) + NOT-FOR-US: Rust crate nanorand +CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...) 
+ NOT-FOR-US: Rust crate metrics-util +CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...) + NOT-FOR-US: Rust crate tectonic_xdv +CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...) + NOT-FOR-US: Rust crate tremor-script +CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...) + NOT-FOR-US: Rust crate tremor-script +CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...) + NOT-FOR-US: Rust crate ckb +CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...) + NOT-FOR-US: Rust crate ckb +CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...) + NOT-FOR-US: Rust crate ckb +CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...) + NOT-FOR-US: Rust crate molecule +CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...) + - rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html +CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...) + NOT-FOR-US: Rust crate mopa +CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...) + NOT-FOR-US: Rust crate rdiff +CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) 
+ NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...) + NOT-FOR-US: Rust crate gfx-auxil +CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...) + NOT-FOR-US: Rust crate ash +CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...) + NOT-FOR-US: Rust crate raw-cpuid +CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...) + NOT-FOR-US: Rust crate csv-sniffer +CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...) + NOT-FOR-US: Rust crate columnar +CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...) + NOT-FOR-US: Rust crate flumedb +CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...) + NOT-FOR-US: Rust crate binjs +CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...) + NOT-FOR-US: Rust crate bronzedb-protocol +CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...) + NOT-FOR-US: Rust crate derive-com-impl +CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...) + NOT-FOR-US: Rust crate vec-const +CVE-2021-45111 + RESERVED +CVE-2021-45071 + RESERVED +CVE-2021-44547 + RESERVED +CVE-2021-44476 + RESERVED +CVE-2021-44475 + RESERVED +CVE-2021-44461 + RESERVED +CVE-2021-44460 + RESERVED +CVE-2021-4178 + RESERVED + NOT-FOR-US: fabric8io/kubernetes-client + NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388 +CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...) + NOT-FOR-US: livehelperchat +CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) 
+ NOT-FOR-US: livehelperchat +CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-26947 + RESERVED +CVE-2021-23186 + RESERVED +CVE-2021-23178 + RESERVED +CVE-2021-23176 + RESERVED +CVE-2021-23166 + RESERVED +CVE-2021-4174 + RESERVED +CVE-2021-4173 (vim is vulnerable to Use After Free ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <not-affected> (Vulnerable code introduced later) + [stretch] - vim <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766 + NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695) + NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902) +CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...) + NOT-FOR-US: ShowDoc +CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...) + NOT-FOR-US: calibre-web +CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...) + NOT-FOR-US: Netgear +CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...) + NOT-FOR-US: Netgear +CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...) + NOT-FOR-US: Netgear +CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...) + NOT-FOR-US: Netgear +CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...) + NOT-FOR-US: Netgear +CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...) + NOT-FOR-US: Netgear +CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...) + NOT-FOR-US: Netgear +CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. ...) + NOT-FOR-US: Netgear +CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...) + NOT-FOR-US: Netgear +CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...) + NOT-FOR-US: Netgear +CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...) + NOT-FOR-US: Netgear +CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...) + NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices +CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...) + NOT-FOR-US: Netgear +CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...) + NOT-FOR-US: Netgear +CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...) + NOT-FOR-US: Netgear +CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) + NOT-FOR-US: Netgear +CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) + NOT-FOR-US: Netgear +CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) + NOT-FOR-US: Netgear +CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) + NOT-FOR-US: Netgear +CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) + NOT-FOR-US: Netgear +CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...) + NOT-FOR-US: Netgear +CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...) + NOT-FOR-US: Netgear +CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + NOT-FOR-US: Netgear +CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...) + NOT-FOR-US: calibre-web +CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-45492 + RESERVED +CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: ShowDoc +CVE-2021-45491 + RESERVED +CVE-2021-45490 + RESERVED +CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...) + NOT-FOR-US: NetBSD +CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...) + NOT-FOR-US: NetBSD +CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...) 
+ NOT-FOR-US: NetBSD +CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...) + - linux 5.10.38-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://arxiv.org/pdf/2112.09604.pdf + NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1) +CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://arxiv.org/pdf/2112.09604.pdf + NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1) +CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...) + NOT-FOR-US: NetBSD +CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 +CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 +CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 +CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) 
+ {DSA-5050-1} + - linux 5.15.15-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 +CVE-2021-4167 + RESERVED +CVE-2021-45479 + RESERVED +CVE-2021-45478 + RESERVED +CVE-2021-45477 + RESERVED +CVE-2021-45476 + RESERVED +CVE-2021-45475 + RESERVED +CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 + NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884) +CVE-2021-4165 + RESERVED +CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: calibre-web +CVE-2021-4163 + RESERVED +CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: archivy +CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...) + NOT-FOR-US: FileImporter MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e + NOTE: https://phabricator.wikimedia.org/T296605 +CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...) + NOT-FOR-US: WikiBase MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d + NOTE: https://phabricator.wikimedia.org/T294693 +CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...) + NOT-FOR-US: WikiBase MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd + NOTE: https://phabricator.wikimedia.org/T297570 +CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...) 
+ NOT-FOR-US: EntitySchema MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9 + NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c + NOTE: https://phabricator.wikimedia.org/T296578 +CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...) + NOT-FOR-US: cve-search +CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) + NOT-FOR-US: Moxa +CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 +CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) + NOT-FOR-US: Imperva Web Application Firewall +CVE-2021-45467 + RESERVED +CVE-2021-45466 + RESERVED +CVE-2021-45465 + RESERVED +CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...) + - openssl 1.1.1m-1 + [bullseye] - openssl <no-dsa> (Minor issue) + [buster] - openssl <no-dsa> (Minor issue) + [stretch] - openssl <ignored> (This is MIPS-specific and we don't support MIPS for stretch-security) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m) + NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html + NOTE: https://www.openssl.org/news/secadv/20220128.txt +CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()] + RESERVED + - linux 5.7.6-1 + NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1) +CVE-2021-45464 [hypervisor escape and host code execution] + RESERVED + - kvmtool <unfixed> + NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ +CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) 
+ - gegl 1:0.4.34-1 (bug #1002661) + [bullseye] - gegl <no-dsa> (Minor issue) + [buster] - gegl <no-dsa> (Minor issue) + [stretch] - gegl <no-dsa> (Minor issue; can be fixed later) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34) + NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34) +CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...) + NOT-FOR-US: Open5GS +CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c] + RESERVED + - qemu 1:6.2+dfsg-2 + [bullseye] - qemu <not-affected> (Vulnerable code introduced later) + [buster] - qemu <not-affected> (Vulnerable code introduced later) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770 + NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html +CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...) + NOT-FOR-US: FreePBX +CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...) 
+ NOT-FOR-US: Siemens +CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()] + RESERVED + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1) +CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy] + RESERVED + - libsndfile <unfixed> + [bullseye] - libsndfile <no-dsa> (Minor issue) + [buster] - libsndfile <no-dsa> (Minor issue) + [stretch] - libsndfile <no-dsa> (Minor issue) + NOTE: https://github.com/libsndfile/libsndfile/issues/731 + NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) +CVE-2021-4155 + RESERVED + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 + NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1 +CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...) + NOT-FOR-US: Node windows +CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2) +CVE-2021-4153 + RESERVED +CVE-2021-4152 + RESERVED +CVE-2021-4151 + RESERVED +CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...) 
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45455 + RESERVED +CVE-2021-45454 + RESERVED +CVE-2021-45453 + RESERVED +CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...) + - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) + NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ + NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11) + NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26) +CVE-2021-4150 [Block subsystem mishandles reference counts] + RESERVED + - linux 5.15.3-1 + NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7) +CVE-2021-4149 [Improper lock operation in btrfs] + RESERVED + - linux 5.14.16-1 + NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6) +CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel] + RESERVED + - linux <unfixed> + NOTE: https://lkml.org/lkml/2021/9/17/1037 + NOTE: https://lkml.org/lkml/2021/9/12/323 +CVE-2021-4147 [deadlock and crash in libxl driver] + RESERVED + - libvirt 7.10.0-2 (bug #1002535) + [bullseye] - libvirt <no-dsa> (Minor issue) + [buster] - libvirt <no-dsa> (Minor issue) + [stretch] - libvirt <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195 + NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0 + NOTE: 
https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 +CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) + NOT-FOR-US: pimcore +CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...) + - qemu 1:6.2+dfsg-1 + [bullseye] - qemu <not-affected> (Vulnerable code introduced later) + [buster] - qemu <not-affected> (Vulnerable code introduced later) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0) +CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...) + NOT-FOR-US: TP-Link +CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) + - mbedtls <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0) +CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) + - mbedtls <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0) + NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0) +CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...) 
+ NOT-FOR-US: Docker Desktop on Windows +CVE-2021-45448 + RESERVED +CVE-2021-45447 + RESERVED +CVE-2021-45446 + RESERVED +CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) + NOT-FOR-US: Unisys +CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) + {DSA-5078-1 DLA-2926-1} + - zsh 5.8.1-1 + NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ + NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ + NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/ +CVE-2021-45443 + RESERVED +CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...) + NOT-FOR-US: BigBlueButton +CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...) + NOT-FOR-US: Trend Micro +CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...) + NOT-FOR-US: Trend Micro +CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One and Tren ...) + NOT-FOR-US: Trend Micro +CVE-2021-45439 + RESERVED +CVE-2021-45438 + RESERVED +CVE-2021-45437 + RESERVED +CVE-2021-45436 + RESERVED +CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...) + NOT-FOR-US: Sourcecodester +CVE-2021-45434 + RESERVED +CVE-2021-45433 + RESERVED +CVE-2021-45432 + RESERVED +CVE-2021-45431 + RESERVED +CVE-2021-45430 + RESERVED +CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...) + - yara <unfixed> + [stretch] - yara <no-dsa> (Minor issue) + NOTE: https://github.com/VirusTotal/yara/issues/1616 + NOTE: https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb (v4.2.0-rc1) +CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...) 
+ NOT-FOR-US: TLR-2005KSH +CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...) + NOT-FOR-US: Emerson +CVE-2021-45426 + RESERVED +CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...) + NOT-FOR-US: SAFARI Montage +CVE-2021-45424 + RESERVED +CVE-2021-45423 + RESERVED +CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) + NOT-FOR-US: Reprise License Manager +CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) + NOT-FOR-US: Emerson +CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) + NOT-FOR-US: Emerson +CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...) + NOT-FOR-US: Nova 360 Cabinet +CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...) + NOT-FOR-US: Nova 360 Cabinet +CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...) + {DSA-5051-1 DLA-2894-1} + - aide 0.17.4-1 + NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3 +CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...) + NOT-FOR-US: RosarioSIS +CVE-2021-45415 + RESERVED +CVE-2021-45414 + RESERVED +CVE-2021-45413 + RESERVED +CVE-2021-45412 + RESERVED +CVE-2021-45411 (In Sourcecodetester Printable Staff ID Card Creator System 1.0 after c ...) + NOT-FOR-US: Sourcecodetester +CVE-2021-45410 + RESERVED +CVE-2021-45409 + RESERVED +CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...) + NOT-FOR-US: SeedDMS +CVE-2021-45407 + RESERVED +CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...) 
+ NOT-FOR-US: SalonERP +CVE-2021-45405 + RESERVED +CVE-2021-45404 + RESERVED +CVE-2021-45403 + RESERVED +CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linux kern ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60 + NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 + NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6 +CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...) + NOT-FOR-US: Tenda +CVE-2021-45400 + RESERVED +CVE-2021-45399 + RESERVED +CVE-2021-45398 + RESERVED +CVE-2021-45397 + RESERVED +CVE-2021-45396 + RESERVED +CVE-2021-45395 + RESERVED +CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...) + NOT-FOR-US: PHP HTML2PDF +CVE-2021-45393 + RESERVED +CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) + NOT-FOR-US: Tenda +CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) + NOT-FOR-US: Tenda +CVE-2021-45390 + RESERVED +CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) + NOT-FOR-US: StarWind +CVE-2021-45388 + REJECTED +CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...) + - tcpreplay 4.4.0-1 (unimportant) + NOTE: https://github.com/appneta/tcpreplay/issues/687 + NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...) 
+ - tcpreplay 4.4.0-1 (unimportant) + NOTE: https://github.com/appneta/tcpreplay/issues/687 + NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...) + NOT-FOR-US: ffjpeg +CVE-2021-45384 + RESERVED +CVE-2021-45383 + RESERVED +CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...) + NOT-FOR-US: D-Link +CVE-2021-45381 + RESERVED +CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...) + NOT-FOR-US: AppCMS +CVE-2021-45378 + RESERVED +CVE-2021-45377 + RESERVED +CVE-2021-45376 + RESERVED +CVE-2021-45375 + RESERVED +CVE-2021-45374 + RESERVED +CVE-2021-45373 + RESERVED +CVE-2021-45372 + RESERVED +CVE-2021-45371 + RESERVED +CVE-2021-45370 + RESERVED +CVE-2021-45369 + RESERVED +CVE-2021-45368 + RESERVED +CVE-2021-45367 + RESERVED +CVE-2021-45366 + RESERVED +CVE-2021-45365 + RESERVED +CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...) + NOT-FOR-US: Statamic +CVE-2021-45363 + RESERVED +CVE-2021-45362 + RESERVED +CVE-2021-45361 + RESERVED +CVE-2021-45360 + RESERVED +CVE-2021-45359 + RESERVED +CVE-2021-45358 + RESERVED +CVE-2021-45357 (Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the ...) + - piwigo <removed> +CVE-2021-45356 + RESERVED +CVE-2021-45355 + RESERVED +CVE-2021-45354 + RESERVED +CVE-2021-45353 + RESERVED +CVE-2021-45352 + RESERVED +CVE-2021-45351 + RESERVED +CVE-2021-45350 + RESERVED +CVE-2021-45349 + RESERVED +CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...) + NOT-FOR-US: SourceCodester +CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...) + NOT-FOR-US: zzcms +CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...) 
+ - sqlite3 <unfixed> (bug #1005974) + NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793 +CVE-2021-45345 + RESERVED +CVE-2021-45344 + RESERVED +CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...) + {DSA-5077-1 DLA-2908-1} + - librecad 2.1.3-3 (bug #1004518) + NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468 + NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469 + NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7 +CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...) + {DSA-5077-1 DLA-2908-1} + - librecad 2.1.3-3 (bug #1004518) + NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464 + NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465 + NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4 +CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...) + {DSA-5077-1 DLA-2908-1} + - librecad 2.1.3-3 (bug #1004518) + NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462 + NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463 + NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997 +CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...) + - libsixel <unfixed> (bug #1004377) + [bullseye] - libsixel <no-dsa> (Minor issue) + [buster] - libsixel <no-dsa> (Minor issue) + [stretch] - libsixel <no-dsa> (Minor issue) + NOTE: https://github.com/libsixel/libsixel/issues/51 + NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52 +CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...) + NOT-FOR-US: Avast Antivirus +CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...) 
+ NOT-FOR-US: Avast Antivirus +CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...) + NOT-FOR-US: Avast Antivirus +CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...) + NOT-FOR-US: Avast Antivirus +CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...) + NOT-FOR-US: Avast Antivirus +CVE-2021-45334 (Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL ...) + NOT-FOR-US: Sourcecodester Online Thesis Archiving System +CVE-2021-45333 + RESERVED +CVE-2021-45332 + RESERVED +CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...) + - gitea <removed> +CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...) + - gitea <removed> +CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...) + - gitea <removed> +CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...) + - gitea <removed> +CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...) + - gitea <removed> +CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...) + - gitea <removed> +CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...) + - gitea <removed> +CVE-2021-45324 + RESERVED +CVE-2021-45323 + RESERVED +CVE-2021-45322 + RESERVED +CVE-2021-45321 + RESERVED +CVE-2021-45320 + RESERVED +CVE-2021-45319 + RESERVED +CVE-2021-45318 + RESERVED +CVE-2021-45317 + RESERVED +CVE-2021-45316 + RESERVED +CVE-2021-45315 + RESERVED +CVE-2021-45314 + RESERVED +CVE-2021-45313 + RESERVED +CVE-2021-45312 + RESERVED +CVE-2021-45311 + RESERVED +CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...) 
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox +CVE-2021-45309 + RESERVED +CVE-2021-45308 + RESERVED +CVE-2021-45307 + RESERVED +CVE-2021-45306 + RESERVED +CVE-2021-45305 + RESERVED +CVE-2021-45304 + RESERVED +CVE-2021-45303 + RESERVED +CVE-2021-45302 + RESERVED +CVE-2021-45301 + RESERVED +CVE-2021-45300 + RESERVED +CVE-2021-45299 + RESERVED +CVE-2021-45298 + RESERVED +CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1973 + NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 +CVE-2021-45296 + RESERVED +CVE-2021-45295 + RESERVED +CVE-2021-45294 + RESERVED +CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...) + - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4384 + NOTE: https://github.com/WebAssembly/binaryen/pull/4388 + NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1958 + NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 +CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1955 + NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc +CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) 
+ - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4383 + NOTE: https://github.com/WebAssembly/binaryen/pull/4389 + NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1972 + NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d +CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1956 + NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 +CVE-2021-45287 + RESERVED +CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...) + NOT-FOR-US: ZZCMS +CVE-2021-45285 + RESERVED +CVE-2021-45284 + RESERVED +CVE-2021-45283 + RESERVED +CVE-2021-45282 + RESERVED +CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: QuickBox Pro +CVE-2021-45280 + RESERVED +CVE-2021-45279 + RESERVED +CVE-2021-45278 + RESERVED +CVE-2021-45277 + RESERVED +CVE-2021-45276 + RESERVED +CVE-2021-45275 + RESERVED +CVE-2021-45274 + RESERVED +CVE-2021-45273 + RESERVED +CVE-2021-45272 + RESERVED +CVE-2021-45271 + RESERVED +CVE-2021-45270 + RESERVED +CVE-2021-45269 + RESERVED +CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...) + NOT-FOR-US: Backdrop CMS +CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1965 + NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 +CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1985 + NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e +CVE-2021-45265 + RESERVED +CVE-2021-45264 + RESERVED +CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1975 + NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 +CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1980 + NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a +CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...) + - patch <unfixed> (unimportant) + NOTE: https://savannah.gnu.org/bugs/?61685 + NOTE: Negligible security impact +CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1979 + NOTE: https://github.com/gpac/gpac/issues/1977 + NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04 + NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979 +CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1986 + NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29 +CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1970 + NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad +CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...) + - nasm <unfixed> (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790 + NOTE: Negligible security impact +CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...) + - nasm <unfixed> (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789 + NOTE: Crash in CLI tool, no security impact +CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...) + NOT-FOR-US: Video Sharing Website +CVE-2021-45254 + RESERVED +CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...) 
+ NOT-FOR-US: Simple Forum-Discussion System +CVE-2021-45251 + RESERVED +CVE-2021-45250 + RESERVED +CVE-2021-45249 + RESERVED +CVE-2021-45248 + RESERVED +CVE-2021-45247 + RESERVED +CVE-2021-45246 + RESERVED +CVE-2021-45245 + RESERVED +CVE-2021-45244 + RESERVED +CVE-2021-45243 + RESERVED +CVE-2021-45242 + RESERVED +CVE-2021-45241 + RESERVED +CVE-2021-45240 + RESERVED +CVE-2021-45239 + RESERVED +CVE-2021-45238 + RESERVED +CVE-2021-45237 + RESERVED +CVE-2021-45236 + RESERVED +CVE-2021-45235 + RESERVED +CVE-2021-45234 + RESERVED +CVE-2021-4142 + RESERVED + NOT-FOR-US: Red Hat Satellite / Candlepin +CVE-2021-4141 + RESERVED +CVE-2021-4140 + RESERVED + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140 +CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: Pimcore +CVE-2021-4138 + RESERVED + - geckodriver <itp> (bug #989456) +CVE-2021-45233 + RESERVED +CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...) + NOT-FOR-US: Apache APISIX Dashboard +CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...) + - airflow <itp> (bug #819700) +CVE-2021-45229 + RESERVED +CVE-2021-45228 + RESERVED +CVE-2021-45227 + RESERVED +CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) 
+ NOT-FOR-US: COINS Construction Cloud +CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45221 + RESERVED +CVE-2021-45220 + RESERVED +CVE-2021-45219 + RESERVED +CVE-2021-45218 + RESERVED +CVE-2021-45217 + RESERVED +CVE-2021-45216 + RESERVED +CVE-2021-45215 + RESERVED +CVE-2021-45214 + RESERVED +CVE-2021-45213 + RESERVED +CVE-2021-45212 + RESERVED +CVE-2021-45211 + RESERVED +CVE-2021-45210 + RESERVED +CVE-2021-45209 + RESERVED +CVE-2021-45208 + RESERVED +CVE-2021-45207 + RESERVED +CVE-2021-45206 + RESERVED +CVE-2021-45205 + RESERVED +CVE-2021-45204 + RESERVED +CVE-2021-45203 + RESERVED +CVE-2021-45202 + RESERVED +CVE-2021-45201 + RESERVED +CVE-2021-45200 + RESERVED +CVE-2021-45199 + RESERVED +CVE-2021-45198 + RESERVED +CVE-2021-45197 + RESERVED +CVE-2021-45196 + RESERVED +CVE-2021-45195 + RESERVED +CVE-2021-45194 + RESERVED +CVE-2021-45193 + RESERVED +CVE-2021-45192 + RESERVED +CVE-2021-45191 + RESERVED +CVE-2021-45190 + RESERVED +CVE-2021-45189 + RESERVED +CVE-2021-45188 + RESERVED +CVE-2021-45187 + RESERVED +CVE-2021-45186 + RESERVED +CVE-2021-45185 + RESERVED +CVE-2021-45184 + RESERVED +CVE-2021-45183 + RESERVED +CVE-2021-45182 + RESERVED +CVE-2021-45181 + RESERVED +CVE-2021-45180 + RESERVED +CVE-2021-45179 + RESERVED +CVE-2021-45178 + RESERVED +CVE-2021-45177 + RESERVED +CVE-2021-45176 + RESERVED +CVE-2021-45175 + RESERVED +CVE-2021-45174 + RESERVED +CVE-2021-45173 + RESERVED +CVE-2021-45172 + RESERVED +CVE-2021-45171 + RESERVED +CVE-2021-45170 + RESERVED +CVE-2021-45169 + RESERVED +CVE-2021-45168 + RESERVED +CVE-2021-45167 + RESERVED +CVE-2021-45166 + RESERVED +CVE-2021-45165 + RESERVED +CVE-2021-45164 + RESERVED 
+CVE-2021-45163 + RESERVED +CVE-2021-45162 + RESERVED +CVE-2021-45161 + RESERVED +CVE-2021-45160 + RESERVED +CVE-2021-45159 + RESERVED +CVE-2021-45158 + RESERVED +CVE-2021-45157 + RESERVED +CVE-2021-45156 + RESERVED +CVE-2021-45155 + RESERVED +CVE-2021-45154 + RESERVED +CVE-2021-45153 + RESERVED +CVE-2021-45152 + RESERVED +CVE-2021-45151 + RESERVED +CVE-2021-45150 + RESERVED +CVE-2021-45149 + RESERVED +CVE-2021-45148 + RESERVED +CVE-2021-45147 + RESERVED +CVE-2021-45146 + RESERVED +CVE-2021-45145 + RESERVED +CVE-2021-45144 + RESERVED +CVE-2021-45143 + RESERVED +CVE-2021-45142 + RESERVED +CVE-2021-45141 + RESERVED +CVE-2021-45140 + RESERVED +CVE-2021-45139 + RESERVED +CVE-2021-45138 + RESERVED +CVE-2021-45137 + RESERVED +CVE-2021-45136 + RESERVED +CVE-2021-45135 + RESERVED +CVE-2021-45134 + RESERVED +CVE-2021-45133 + RESERVED +CVE-2021-45132 + RESERVED +CVE-2021-45131 + RESERVED +CVE-2021-45130 + RESERVED +CVE-2021-45129 + RESERVED +CVE-2021-45128 + RESERVED +CVE-2021-45127 + RESERVED +CVE-2021-45126 + RESERVED +CVE-2021-45125 + RESERVED +CVE-2021-45124 + RESERVED +CVE-2021-45123 + RESERVED +CVE-2021-45122 + RESERVED +CVE-2021-45121 + RESERVED +CVE-2021-45120 + RESERVED +CVE-2021-45119 + RESERVED +CVE-2021-45118 + RESERVED +CVE-2021-45117 + RESERVED +CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) + - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) + NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ + NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11) + NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26) +CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...) 
+ - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django <postponed> (Minor issue; fix in next update) + [buster] - python-django <postponed> (Minor issue; fix in next update) + [stretch] - python-django <postponed> (Minor issue; fix in next update) + NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ + NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11) + NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26) +CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...) + NOT-FOR-US: Siemens +CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...) + NOT-FOR-US: Emerson +CVE-2021-44462 + RESERVED +CVE-2021-4137 + RESERVED +CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3995-1 (bug #1002534) + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <not-affected> (Vulnerable code introduced later) + [stretch] - vim <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938 + NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257) + NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847) +CVE-2021-4135 + RESERVED + - linux 5.15.15-1 (unimportant) + [bullseye] - linux 5.10.92-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6) + NOTE: CONFIG_NETDEVSIM is not set in Debian +CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...) 
+ NOT-FOR-US: Keycloak +CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: livehelperchat +CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: snipe-it +CVE-2021-4129 + RESERVED +CVE-2021-4128 + RESERVED +CVE-2021-4127 + RESERVED +CVE-2021-4126 + RESERVED + {DSA-5034-1 DLA-2874-1} + - thunderbird 1:91.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126 +CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...) + NOT-FOR-US: DeltaV Distributed Control System Controllers +CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...) + NOT-FOR-US: Philips +CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...) + NOT-FOR-US: WECON LeviStudioU +CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...) + NOT-FOR-US: WECON LeviStudioU +CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...) + - glewlwyd 2.6.1-1 + [bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release) + [buster] - glewlwyd <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1) +CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...) 
+ {DSA-5024-1 DLA-2852-1} + - apache-log4j2 2.17.0-1 (bug #1001891) + NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105 + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230 +CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive] + RESERVED + - libarchive 3.5.2-1 (bug #1001990) + [bullseye] - libarchive <no-dsa> (Minor issue) + [buster] - libarchive <no-dsa> (Minor issue) + NOTE: https://github.com/libarchive/libarchive/issues/1566 + NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2) + NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2) +CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target] + RESERVED + - libarchive 3.5.2-1 (bug #1001986) + [bullseye] - libarchive <no-dsa> (Minor issue) + [buster] - libarchive <no-dsa> (Minor issue) + NOTE: https://github.com/libarchive/libarchive/issues/1565 + NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2) +CVE-2021-45104 + RESERVED +CVE-2021-45103 + RESERVED +CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...) + - condor <not-affected> (Only affects 9.0.0 and above) + NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/ +CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...) + - condor <unfixed> (bug #1002540) + [stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. 
Too many calls in patch, not existed in this version of the software) + NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/ + NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14) +CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...) + NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal +CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...) + - suricata 1:6.0.4-1 + [bullseye] - suricata <no-dsa> (Minor issue) + [buster] - suricata <no-dsa> (Minor issue) + [stretch] - suricata <no-dsa> (Minor issue) + NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 + NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df + NOTE: https://redmine.openinfosecfoundation.org/issues/4710 +CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...) + NOT-FOR-US: NIME Server +CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...) + NOT-FOR-US: KNIME Analytics Platform +CVE-2021-45094 + RESERVED +CVE-2021-45093 + RESERVED +CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...) + NOT-FOR-US: Thinfinity VirtualUI +CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...) + NOT-FOR-US: Stormshield Endpoint Security +CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...) + NOT-FOR-US: Stormshield Endpoint Security +CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...) + NOT-FOR-US: Stormshield Endpoint Security +CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) 
+ {DSA-5042-1} + - epiphany-browser 41.2-1 + [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 +CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) + {DSA-5042-1} + - epiphany-browser 41.2-1 + [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 +CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) + {DSA-5042-1} + - epiphany-browser 41.2-1 + [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 +CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) + {DSA-5042-1} + - epiphany-browser 41.2-1 + [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045 +CVE-2021-45084 + RESERVED +CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...) + - cobbler <removed> +CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...) + - cobbler <removed> +CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...) + - cobbler <removed> +CVE-2021-45080 + RESERVED +CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...) 
+ {DSA-5056-1 DLA-2909-1} + - strongswan 5.9.5-1 + NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html + NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/ +CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...) + - binutils 2.37.50.20220106-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02 + NOTE: binutils not covered by security support +CVE-2021-4125 + RESERVED + NOT-FOR-US: OpenShift metering hive containers +CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...) + - logback 1:1.2.8-1 + [bullseye] - logback <no-dsa> (Minor issue) + [buster] - logback <no-dsa> (Minor issue) + [stretch] - logback <no-dsa> (Minor issue) + NOTE: https://jira.qos.ch/browse/LOGBACK-1591 + NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8) +CVE-2021-44771 + REJECTED +CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) + - janus <unfixed> (unimportant) + NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190 + NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d + NOTE: Issues only in janus-demos built from src:janus +CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: livehelperchat +CVE-2021-4122 [decryption through LUKS2 reencryption crash recovery] + RESERVED + {DSA-5070-1} + - cryptsetup 2:2.4.3-1 (bug #1003686) + [buster] - cryptsetup <not-affected> (Vulnerable code not present; does not support online LUKS2 reencryption) + [stretch] - cryptsetup <not-affected> (Vulnerable code not present; does not support LUKS2) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401 + NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c + NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e + NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc +CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: yetiforcecrm +CVE-2021-23151 + REJECTED +CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...) + - linux 5.15.15-1 (unimportant) + [bullseye] - linux <not-affected> (Vulnerable code not present) + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://github.com/cifsd-team/ksmbd/issues/550 + NOTE: https://github.com/cifsd-team/ksmbd/pull/551 + NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2 + NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1. +CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/ +CVE-2021-45070 + RESERVED +CVE-2021-45069 + RESERVED +CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) 
+ NOT-FOR-US: Adobe +CVE-2021-45066 + RESERVED +CVE-2021-45065 + RESERVED +CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...) + NOT-FOR-US: Adobe +CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...) + NOT-FOR-US: Adobe +CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...) 
+ - snapd <unfixed> + [bullseye] - snapd 2.49-1+deb11u1 + NOTE: https://bugs.launchpad.net/snapd/+bug/1949368 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2 +CVE-2021-45050 + RESERVED +CVE-2021-45049 + RESERVED +CVE-2021-45048 + RESERVED +CVE-2021-45047 + RESERVED +CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...) + {DSA-5022-1} + - apache-log4j2 2.16.0-1 (bug #1001729) + [stretch] - apache-log4j2 <not-affected> (JndiLookup class has been removed) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4 + NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046 + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221 + NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ +CVE-2021-45045 + RESERVED +CVE-2021-45044 + RESERVED +CVE-2021-44768 + RESERVED +CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...) + NOT-FOR-US: DIAEnergie +CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...) + NOT-FOR-US: DIAEnergie +CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...) + NOT-FOR-US: bookstack +CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...) + NOT-FOR-US: pytorch-lightning +CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...) + NOT-FOR-US: yetiforcecrm +CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: yetiforcecrm +CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...) 
+ [experimental] - policykit-1 0.120-6 + - policykit-1 0.105-32 (bug #1005784) + [bullseye] - policykit-1 <no-dsa> (Minor issue) + [buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported) + [stretch] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534 + NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/ + NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7 + NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 + NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38 + NOTE: Debian backported 0.113 commits in 0.105-26 +CVE-2021-4114 + REJECTED +CVE-2021-4113 + REJECTED +CVE-2021-4112 + RESERVED + NOT-FOR-US: Ansible Tower +CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...) + NOT-FOR-US: yetiforcecrm +CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...) + NOT-FOR-US: DIAEnergie +CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...) + NOT-FOR-US: DIAEnergie +CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...) + NOT-FOR-US: HD-Network Real-time Monitoring System +CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...) + NOT-FOR-US: SuiteCRM +CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...) 
+ - mruby 3.0.0-2 (bug #1001768) + [bullseye] - mruby <no-dsa> (Minor issue) + [buster] - mruby <no-dsa> (Minor issue) + [stretch] - mruby <postponed> (revisit when/if fix is complete) + NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20 + NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34 +CVE-2021-4109 + RESERVED +CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-45040 + RESERVED +CVE-2021-45039 + RESERVED +CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5021-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki <not-affected> (Vulnerable code not present) + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T297574 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-45037 + RESERVED +CVE-2021-45036 + RESERVED +CVE-2021-45035 + RESERVED +CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) + NOT-FOR-US: Siemens +CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) + NOT-FOR-US: Siemens +CVE-2021-45032 + RESERVED +CVE-2021-45031 + RESERVED +CVE-2021-45030 + RESERVED +CVE-2021-45029 (Groovy Code Injection & SpEL Injection which lead to Remote Code E ...) + NOT-FOR-US: Apache ShenYu +CVE-2021-45028 + RESERVED +CVE-2021-45027 + RESERVED +CVE-2021-45026 + RESERVED +CVE-2021-45025 + RESERVED +CVE-2021-45024 + RESERVED +CVE-2021-45023 + RESERVED +CVE-2021-45022 + RESERVED +CVE-2021-45021 + RESERVED +CVE-2021-45020 + RESERVED +CVE-2021-45019 + RESERVED +CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 ...) + NOT-FOR-US: CatFish (not same as src:catfish) +CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <= ...) 
+ NOT-FOR-US: CatFish (not same as src:catfish) +CVE-2021-45016 + RESERVED +CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...) + NOT-FOR-US: taocms +CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...) + NOT-FOR-US: taocms +CVE-2021-45013 + RESERVED +CVE-2021-45012 + RESERVED +CVE-2021-45011 + RESERVED +CVE-2021-45010 + RESERVED +CVE-2021-45009 + RESERVED +CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...) + NOT-FOR-US: Plesk CMS +CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: Plesk +CVE-2021-45006 + RESERVED +CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...) + - mujs <unfixed> + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public) + NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0) +CVE-2021-45004 + RESERVED +CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...) + NOT-FOR-US: Laundry Booking Management System +CVE-2021-45002 + RESERVED +CVE-2021-45001 + RESERVED +CVE-2021-45000 + RESERVED +CVE-2021-44999 + RESERVED +CVE-2021-44998 + RESERVED +CVE-2021-44997 + RESERVED +CVE-2021-44996 + RESERVED +CVE-2021-44995 + RESERVED +CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...) + - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895 +CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...) 
+ - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 +CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...) + - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879 +CVE-2021-44991 + RESERVED +CVE-2021-44990 + RESERVED +CVE-2021-44989 + RESERVED +CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...) + - iotjs <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 +CVE-2021-44987 + RESERVED +CVE-2021-44986 + RESERVED +CVE-2021-44985 + RESERVED +CVE-2021-44984 + RESERVED +CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...) + NOT-FOR-US: taocms +CVE-2021-44982 + RESERVED +CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...) + NOT-FOR-US: QuickBox Pro +CVE-2021-44980 + RESERVED +CVE-2021-44979 + RESERVED +CVE-2021-44978 (iCMS <= 8.0.0 allows users to add and render a comtom template, whi ...) + NOT-FOR-US: iCMS +CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows an atta ...) + NOT-FOR-US: iCMS +CVE-2021-44976 + RESERVED +CVE-2021-44975 + RESERVED +CVE-2021-44974 + RESERVED +CVE-2021-44973 + RESERVED +CVE-2021-44972 + RESERVED +CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...) + NOT-FOR-US: Tenda +CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...) 
+ NOT-FOR-US: MiniCMS +CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...) + NOT-FOR-US: Taocms +CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...) + NOT-FOR-US: IOBit Advanced SystemCare +CVE-2021-44967 + RESERVED +CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...) + NOT-FOR-US: PHPGURUKUL Employee Record Management System +CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...) + NOT-FOR-US: PHPGURUKUL Employee Record Management System +CVE-2021-44964 + RESERVED +CVE-2021-44963 + RESERVED +CVE-2021-44962 + RESERVED +CVE-2021-44961 + RESERVED +CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...) + - svgpp <unfixed> + [bullseye] - svgpp <no-dsa> (Minor issue) + [buster] - svgpp <no-dsa> (Minor issue) + NOTE: https://github.com/svgpp/svgpp/issues/101 +CVE-2021-44959 + RESERVED +CVE-2021-44958 + RESERVED +CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...) + NOT-FOR-US: ffjpeg +CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...) + NOT-FOR-US: ffjpeg +CVE-2021-44955 + RESERVED +CVE-2021-44954 + RESERVED +CVE-2021-44953 + RESERVED +CVE-2021-44952 + RESERVED +CVE-2021-44951 + RESERVED +CVE-2021-44950 + RESERVED +CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44948 + REJECTED +CVE-2021-44947 + RESERVED +CVE-2021-44946 + RESERVED +CVE-2021-44945 + RESERVED +CVE-2021-44944 + RESERVED +CVE-2021-44943 + RESERVED +CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: glFusion CMS +CVE-2021-44941 + RESERVED +CVE-2021-44940 + RESERVED +CVE-2021-44939 + RESERVED +CVE-2021-44938 + RESERVED +CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44936 + RESERVED +CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44934 + RESERVED +CVE-2021-44933 + RESERVED +CVE-2021-44932 + RESERVED +CVE-2021-44931 + RESERVED +CVE-2021-44930 + RESERVED +CVE-2021-44929 + RESERVED +CVE-2021-44928 + RESERVED +CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1960 + NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 +CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1961 + NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e +CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1967 + NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 +CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1959 + NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 +CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1962 + NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 +CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1969 + NOTE: https://github.com/gpac/gpac/issues/1968 + NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a +CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1964 + NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 +CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1957 + NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 +CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1963 + NOTE: https://github.com/gpac/gpac/issues/1962 + NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 +CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1968 + NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a +CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...) 
+ - gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539) + NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/ + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable) + NOTE: Crash in CLI tool, negligible security impact +CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...) + NOT-FOR-US: Open-AudIT +CVE-2021-44915 + RESERVED +CVE-2021-44914 + RESERVED +CVE-2021-44913 + RESERVED +CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...) + NOT-FOR-US: XE +CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...) + NOT-FOR-US: XE +CVE-2021-44910 + RESERVED +CVE-2021-44909 + RESERVED +CVE-2021-44908 + RESERVED +CVE-2021-44907 + RESERVED +CVE-2021-44906 + RESERVED +CVE-2021-44905 + RESERVED +CVE-2021-44904 + RESERVED +CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable ...) + NOT-FOR-US: Micro-Star International (MSI) Center Pro +CVE-2021-44902 + RESERVED +CVE-2021-44901 (Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulner ...) + NOT-FOR-US: Micro-Star International (MSI) Dragon Center +CVE-2021-44900 (Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulner ...) + NOT-FOR-US: Micro-Star International (MSI) App Player +CVE-2021-44899 (Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to ...) 
+ NOT-FOR-US: Micro-Star International (MSI) Center +CVE-2021-44898 + RESERVED +CVE-2021-44897 + RESERVED +CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...) + NOT-FOR-US: DMP Roadmap +CVE-2021-44895 + RESERVED +CVE-2021-44894 + RESERVED +CVE-2021-44893 + RESERVED +CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...) + NOT-FOR-US: ThinkPHP +CVE-2021-44891 + RESERVED +CVE-2021-44890 + RESERVED +CVE-2021-44889 + RESERVED +CVE-2021-44888 + RESERVED +CVE-2021-44887 + RESERVED +CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...) + - zammad <itp> (bug #841355) +CVE-2021-44885 + RESERVED +CVE-2021-44884 + RESERVED +CVE-2021-44883 + RESERVED +CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...) + NOT-FOR-US: D-Link +CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...) + NOT-FOR-US: D-Link +CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...) + - linux 5.16.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1 + NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1) +CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...) + NOT-FOR-US: Pac4j +CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...) 
+ NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44873 + RESERVED +CVE-2021-44872 + RESERVED +CVE-2021-44871 + RESERVED +CVE-2021-44870 + RESERVED +CVE-2021-44869 + RESERVED +CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...) + NOT-FOR-US: ming-soft MCMS +CVE-2021-44867 + RESERVED +CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...) + NOT-FOR-US: Online-Movie-Ticket-Booking-System +CVE-2021-44865 + RESERVED +CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...) + NOT-FOR-US: TP-Link +CVE-2021-44863 + RESERVED +CVE-2021-44862 + RESERVED +CVE-2021-44861 + RESERVED +CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5021-1 DLA-2847-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki 1:1.31.16-1+deb10u2 + NOTE: https://phabricator.wikimedia.org/T297322 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) 
+ {DSA-5021-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki <not-affected> (Vulnerable code not present) + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T297322 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel] + RESERVED + - mediawiki 1:1.35.5-1 + [bullseye] - mediawiki <postponed> (Minor issue) + [buster] - mediawiki <postponed> (Minor issue) + [stretch] - mediawiki <postponed> (Minor issue) + NOTE: https://phabricator.wikimedia.org/T271037 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog] + RESERVED + - mediawiki 1:1.35.5-1 + [bullseye] - mediawiki <postponed> (Minor issue) + [buster] - mediawiki <not-affected> (Vulnerable code not present) + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T293589 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis] + RESERVED + - mediawiki 1:1.35.5-1 + [bullseye] - mediawiki <postponed> (Minor issue) + [buster] - mediawiki <not-affected> (Vulnerable code not present) + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T292763 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44853 + RESERVED +CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...) 
+ NOT-FOR-US: Biostar RACING GT Evo +CVE-2021-44851 + RESERVED +CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...) + NOT-FOR-US: Xilinx Zynq-7000 SoC device +CVE-2021-44849 + RESERVED +CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...) + NOT-FOR-US: Cibele Thinfinity VirtualUI +CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...) + - libtoxcore 0.2.13-1 (bug #1001711) + [bullseye] - libtoxcore <no-dsa> (Minor issue) + [buster] - libtoxcore <no-dsa> (Minor issue) + NOTE: https://github.com/TokTok/c-toxcore/pull/1718 + NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/ + NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9) + NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13) +CVE-2021-44846 + RESERVED +CVE-2021-44845 + RESERVED +CVE-2021-44844 + RESERVED +CVE-2021-44843 + RESERVED +CVE-2021-44842 + RESERVED +CVE-2021-44841 + RESERVED +CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...) + NOT-FOR-US: Delta RM +CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...) + NOT-FOR-US: Delta RM +CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...) + NOT-FOR-US: Delta RM +CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...) + NOT-FOR-US: Delta RM +CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...) + NOT-FOR-US: Delta RM +CVE-2021-44835 + RESERVED +CVE-2021-44834 + RESERVED +CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) 
+ NOT-FOR-US: yetiforcecrm +CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...) + NOT-FOR-US: Snow Inventory Java Scanner +CVE-2021-4105 + RESERVED +CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...) + NOT-FOR-US: CLI for Amazon AWS OpenSearch +CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...) + {DLA-2905-1} + - apache-log4j1.2 1.2.17-11 + [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default) + [buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1 + NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 + NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2 +CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...) + NOT-FOR-US: vditor +CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...) 
+ {DLA-2870-1} + - apache-log4j2 2.17.1-1 (bug #1002813) + [bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file) + [buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file) + NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293 + NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 + NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1) + NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2 +CVE-2021-44831 + RESERVED +CVE-2021-44830 + RESERVED +CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...) + NOT-FOR-US: AFI WebACMS +CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) + NOT-FOR-US: ARM +CVE-2021-44827 + RESERVED +CVE-2021-44826 + RESERVED +CVE-2021-44825 + RESERVED +CVE-2021-44824 + RESERVED +CVE-2021-44823 + RESERVED +CVE-2021-44822 + RESERVED +CVE-2021-44821 + RESERVED +CVE-2021-44820 + RESERVED +CVE-2021-44819 + RESERVED +CVE-2021-44818 + RESERVED +CVE-2021-44817 + RESERVED +CVE-2021-44816 + RESERVED +CVE-2021-44815 + RESERVED +CVE-2021-44814 + RESERVED +CVE-2021-44813 + RESERVED +CVE-2021-44812 + RESERVED +CVE-2021-44811 + RESERVED +CVE-2021-44810 + RESERVED +CVE-2021-44809 + RESERVED +CVE-2021-44808 + RESERVED +CVE-2021-44807 + RESERVED +CVE-2021-44806 + RESERVED +CVE-2021-44805 + RESERVED +CVE-2021-44804 + RESERVED +CVE-2021-44803 + RESERVED +CVE-2021-44802 + RESERVED +CVE-2021-44801 + RESERVED +CVE-2021-44800 + RESERVED +CVE-2021-44799 + RESERVED +CVE-2021-44798 + RESERVED +CVE-2021-44797 + RESERVED +CVE-2021-44796 + RESERVED +CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...) + NOT-FOR-US: phpservermon +CVE-2021-4096 + RESERVED +CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Kron Single Connect +CVE-2021-44791 + RESERVED +CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...) 
+ {DSA-5035-1 DLA-2907-1} + - apache2 2.4.52-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 + NOTE: Fixed by: https://svn.apache.org/r1896039 +CVE-2021-4095 + RESERVED + - linux <unfixed> + NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/ + NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/ + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194 +CVE-2021-4094 + RESERVED +CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...) + - linux 5.14.16-1 + [bullseye] - linux <not-affected> (Vulnerable code not present) + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584 +CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: yetiforcecrm +CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...) + - 389-ds-base <unfixed> + [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307 + NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4) +CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...) 
+ - linux 5.15.5-1 + [bullseye] - linux <not-affected> (Vulnerable code introduced later) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101 + NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2) +CVE-2021-44789 + RESERVED +CVE-2021-44788 + RESERVED +CVE-2021-44787 + RESERVED +CVE-2021-44786 + RESERVED +CVE-2021-44785 + RESERVED +CVE-2021-44784 + RESERVED +CVE-2021-44783 + RESERVED +CVE-2021-44782 + RESERVED +CVE-2021-44781 + RESERVED +CVE-2021-44780 + RESERVED +CVE-2021-44764 + RESERVED +CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control ...) + NOT-FOR-US: snipe-it +CVE-2021-37408 + RESERVED +CVE-2021-31565 + RESERVED +CVE-2021-26261 + RESERVED +CVE-2021-26255 + RESERVED +CVE-2021-23189 + RESERVED +CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...) + NOT-FOR-US: NVIDIA GeForce Experience +CVE-2021-23171 + RESERVED +CVE-2021-23170 + RESERVED +CVE-2021-23148 + RESERVED +CVE-2021-44759 + RESERVED +CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...) + NOT-FOR-US: McAfee +CVE-2021-4087 + RESERVED +CVE-2021-4086 + RESERVED +CVE-2021-4085 + RESERVED +CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: Pimcore +CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...) + - linux 5.15.5-2 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) +CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: Pimcore +CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) 
+ NOT-FOR-US: Pimcore +CVE-2021-44758 + RESERVED +CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44756 + RESERVED +CVE-2021-44755 + RESERVED +CVE-2021-44754 + RESERVED +CVE-2021-44753 + RESERVED +CVE-2021-44752 + RESERVED +CVE-2021-44751 + RESERVED +CVE-2021-44750 + RESERVED +CVE-2021-44749 + RESERVED +CVE-2021-44748 + RESERVED +CVE-2021-44747 + RESERVED +CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...) + NOT-FOR-US: UNIVERGE +CVE-2021-44745 + RESERVED +CVE-2021-44744 + RESERVED +CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) + NOT-FOR-US: Adobe +CVE-2021-44545 + RESERVED +CVE-2021-44457 + RESERVED +CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...) + NOT-FOR-US: Intel +CVE-2021-43351 + RESERVED +CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...) + NOT-FOR-US: Crater +CVE-2021-26946 + RESERVED +CVE-2021-26254 + RESERVED +CVE-2021-23188 + RESERVED +CVE-2021-23168 + RESERVED +CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...) 
+ NOT-FOR-US: Intel +CVE-2021-23145 + RESERVED +CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] + - rainloop 1.14.0-1 (bug #962629) + [buster] - rainloop <no-dsa> (Minor issue) + NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 +CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) + NOT-FOR-US: Lexmark +CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) + NOT-FOR-US: Lexmark +CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) + NOT-FOR-US: Lexmark +CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) + NOT-FOR-US: Lexmark +CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) + NOT-FOR-US: Lexmark +CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747 +CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...) + [experimental] - mbedtls 2.28.0-0.1 + - mbedtls 2.28.0-0.3 (bug #1002631) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 + NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) +CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) + {DSA-5080-1} + - snapd <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 +CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) 
+ {DSA-5080-1} + - snapd <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 +CVE-2021-44729 + RESERVED +CVE-2021-44728 + RESERVED +CVE-2021-44727 + RESERVED +CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...) + NOT-FOR-US: KNIME Server +CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...) + NOT-FOR-US: KNIME Server +CVE-2021-44724 + RESERVED +CVE-2021-44723 + RESERVED +CVE-2021-44722 + RESERVED +CVE-2021-44721 + RESERVED +CVE-2021-44720 + RESERVED +CVE-2021-44719 + RESERVED +CVE-2021-44718 + RESERVED +CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...) + {DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.5-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/50057 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5) + NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12) +CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...) 
+ {DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.5-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1 + - golang-golang-x-net-dev <removed> + [stretch] - golang-golang-x-net-dev <postponed> (Limited support in stretch) + NOTE: https://github.com/golang/go/issues/50058 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5) + NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12) + NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70 +CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) 
+ NOT-FOR-US: Adobe +CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) + NOT-FOR-US: Adobe +CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44696 + RESERVED +CVE-2021-44695 + RESERVED +CVE-2021-44694 + RESERVED +CVE-2021-44693 + RESERVED +CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4077 + RESERVED +CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()] + RESERVED + {DSA-5025-1} + - tang 11-1 + [buster] - tang <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/latchset/tang/pull/81 + NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8) + NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11) +CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...) + NOT-FOR-US: BuddyBoss Platform +CVE-2021-44691 + RESERVED +CVE-2021-44690 + RESERVED +CVE-2021-44689 + RESERVED +CVE-2021-44688 + RESERVED +CVE-2021-44687 + RESERVED +CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...) + - calibre 5.33.0+dfsg-1 + [bullseye] - calibre <no-dsa> (Minor issue) + [buster] - calibre <no-dsa> (Minor issue) + [stretch] - calibre <no-dsa> (Minor issue) + NOTE: https://bugs.launchpad.net/calibre/+bug/1951979 + NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0) +CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...) + NOT-FOR-US: git-it +CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) + NOT-FOR-US: naholyr github-todos +CVE-2021-44683 + RESERVED +CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...) 
+ NOT-FOR-US: Veritas +CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...) + NOT-FOR-US: snipe-it +CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...) + NOT-FOR-US: elgg +CVE-2021-4071 + RESERVED +CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...) + NOT-FOR-US: Open-AudIT +CVE-2021-44673 + RESERVED +CVE-2021-44672 + RESERVED +CVE-2021-44671 + RESERVED +CVE-2021-44670 + RESERVED +CVE-2021-44669 + RESERVED +CVE-2021-44668 + RESERVED +CVE-2021-44667 + RESERVED +CVE-2021-44666 + RESERVED +CVE-2021-44665 + RESERVED +CVE-2021-44664 + RESERVED +CVE-2021-44663 + RESERVED +CVE-2021-44662 + RESERVED +CVE-2021-44661 + RESERVED +CVE-2021-44660 + RESERVED +CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...) + NOT-FOR-US: GoCD server +CVE-2021-44658 + RESERVED +CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...) + NOT-FOR-US: StackStorm +CVE-2021-44656 + RESERVED +CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...) 
+ NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System +CVE-2021-44654 + RESERVED +CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...) + NOT-FOR-US: Online Magazine Management System +CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...) + - python-django-cms <itp> (bug #516183) +CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...) + - gdk-pixbuf <unfixed> + [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later) + [stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later) + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136 + NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/ + NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2) +CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...) 
+ - lua5.4 5.4.4-1 (bug #1004189) + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html + NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f + TODO: check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet +CVE-2021-44646 + RESERVED +CVE-2021-44645 + RESERVED +CVE-2021-44644 + RESERVED +CVE-2021-44643 + RESERVED +CVE-2021-44642 + RESERVED +CVE-2021-44641 + RESERVED +CVE-2021-44640 + RESERVED +CVE-2021-44639 + RESERVED +CVE-2021-44638 + RESERVED +CVE-2021-44637 + RESERVED +CVE-2021-44636 + RESERVED +CVE-2021-44635 + RESERVED +CVE-2021-44634 + RESERVED +CVE-2021-44633 + RESERVED +CVE-2021-44632 + RESERVED +CVE-2021-44631 + RESERVED +CVE-2021-44630 + RESERVED +CVE-2021-44629 + RESERVED +CVE-2021-44628 + RESERVED +CVE-2021-44627 + RESERVED +CVE-2021-44626 + RESERVED +CVE-2021-44625 + RESERVED +CVE-2021-44624 + RESERVED +CVE-2021-44623 + RESERVED +CVE-2021-44622 + RESERVED +CVE-2021-44621 + RESERVED +CVE-2021-44620 + RESERVED +CVE-2021-44619 + RESERVED +CVE-2021-44618 + RESERVED +CVE-2021-44617 + RESERVED +CVE-2021-44616 + RESERVED +CVE-2021-44615 + RESERVED +CVE-2021-44614 + RESERVED +CVE-2021-44613 + RESERVED +CVE-2021-44612 + RESERVED +CVE-2021-44611 + RESERVED +CVE-2021-44610 + RESERVED +CVE-2021-44609 + RESERVED +CVE-2021-44608 + RESERVED +CVE-2021-44607 + RESERVED +CVE-2021-44606 + RESERVED +CVE-2021-44605 + RESERVED +CVE-2021-44604 + RESERVED +CVE-2021-44603 + RESERVED +CVE-2021-44602 + RESERVED +CVE-2021-44601 + RESERVED +CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...) + NOT-FOR-US: Simple Online Mens Salon Management System (MSMS) +CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...) + NOT-FOR-US: Online Enrollment Management System +CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...) 
+ NOT-FOR-US: Attendance Management System +CVE-2021-44597 + RESERVED +CVE-2021-44596 + RESERVED +CVE-2021-44595 + RESERVED +CVE-2021-44594 + RESERVED +CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) + NOT-FOR-US: Simple College Website +CVE-2021-44592 + RESERVED +CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) + - ming <removed> + NOTE: https://github.com/libming/libming/issues/235 +CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...) + - ming <removed> + NOTE: https://github.com/libming/libming/issues/236 +CVE-2021-44589 + RESERVED +CVE-2021-44588 + RESERVED +CVE-2021-44587 + RESERVED +CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...) + NOT-FOR-US: dst-admin +CVE-2021-44585 + RESERVED +CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...) + NOT-FOR-US: emlog +CVE-2021-44583 + RESERVED +CVE-2021-44582 + RESERVED +CVE-2021-44581 + RESERVED +CVE-2021-44580 + RESERVED +CVE-2021-44579 + RESERVED +CVE-2021-44578 + RESERVED +CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/428 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/426 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...) 
+ - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/427 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/429 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/430 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44572 + RESERVED +CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/421 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/424 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...) 
+ - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/423 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/425 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44567 + RESERVED +CVE-2021-44566 + RESERVED +CVE-2021-44565 + RESERVED +CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...) + NOT-FOR-US: SYNC2101 +CVE-2021-44563 + RESERVED +CVE-2021-44562 + RESERVED +CVE-2021-44561 + RESERVED +CVE-2021-44560 + RESERVED +CVE-2021-44559 + RESERVED +CVE-2021-44558 + RESERVED +CVE-2021-44557 (National Library of the Netherlands multiNER <= c0440948057afc6e3d6 ...) + NOT-FOR-US: National Library of the Netherlands multiNER +CVE-2021-44556 (National Library of the Netherlands digger < 6697d1269d981e35e11f24 ...) + NOT-FOR-US: National Library of the Netherlands digger +CVE-2021-44555 + RESERVED +CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...) + NOT-FOR-US: Thinfinity VirtualUI +CVE-2021-44553 + RESERVED +CVE-2021-44552 + RESERVED +CVE-2021-44551 + RESERVED +CVE-2021-44550 + RESERVED +CVE-2021-4070 + RESERVED +CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...) + NOT-FOR-US: Apache Sling +CVE-2021-4069 (vim is vulnerable to Use After Free ...) 
+ - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/ + NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741) +CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...) + - lucene-solr <not-affected> (Issue only affects Windows) + NOTE: https://issues.apache.org/jira/browse/SOLR-15826 +CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4060 + RESERVED +CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-4051 + RESERVED +CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...) + {DLA-2844-1} + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33) +CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors. ...) + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29) + [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33) +CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...) 
+ - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29) + [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33) +CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...) + {DLA-2844-1} + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33) +CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...) + NOT-FOR-US: WordPress plugin +CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: livehelperchat +CVE-2021-44539 + RESERVED +CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...) 
+ {DSA-5034-1 DLA-2874-1} + - element-web <itp> (bug #866502) + - olm 3.2.8~dfsg-1 (bug #1001664) + [bullseye] - olm <no-dsa> (Minor issue) + [buster] - olm <not-affected> (Vulnerable code introduced later) + - thunderbird 1:91.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538 + NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ + NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4) + NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8) +CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...) + - owncloud-client <unfixed> + NOTE: https://owncloud.com/security-advisories/cve-2021-44537/ +CVE-2021-44536 + RESERVED +CVE-2021-44535 + RESERVED +CVE-2021-44534 + RESERVED +CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields] + RESERVED + - nodejs <unfixed> (bug #1004177) + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533 + NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x) +CVE-2021-44532 [Certificate Verification Bypass via String Injection] + RESERVED + - nodejs <unfixed> (bug #1004177) + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532 + NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x) +CVE-2021-44531 [Improper handling of URI Subject Alternative Names] + RESERVED + - nodejs <unfixed> (bug #1004177) + [stretch] - nodejs <end-of-life> 
(Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531 + NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x) + NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x) +CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...) + NOT-FOR-US: UniFi Network +CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...) + NOT-FOR-US: Ivanti +CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >= 6.0.0 that c ...) + - rails <unfixed> (bug #1001817) + [buster] - rails <not-affected> (Vulnerable code introduced later) + [stretch] - rails <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5 + NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master) + NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2) + NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2) + NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1) +CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...) + NOT-FOR-US: UniFi Switch firmware +CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) + NOT-FOR-US: SiPass +CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) 
+ NOT-FOR-US: SiPass +CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) + NOT-FOR-US: SiPass +CVE-2021-44477 + RESERVED +CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...) + - lapack 3.10.0-2 (bug #1001902) + [bullseye] - lapack <no-dsa> (Minor issue) + [buster] - lapack <no-dsa> (Minor issue) + [stretch] - lapack <no-dsa> (Minor issue) + - openblas 0.3.18+ds-1 + [bullseye] - openblas <no-dsa> (Minor issue) + [buster] - openblas <no-dsa> (Minor issue) + [stretch] - openblas <no-dsa> (Minor issue) + NOTE: https://github.com/Reference-LAPACK/lapack/pull/625 + NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 + NOTE: https://github.com/JuliaLang/julia/issues/42415 + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18) +CVE-2021-4047 + RESERVED + NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242 +CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...) + - cassandra <itp> (bug #585905) +CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-4045 + RESERVED +CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...) 
+ [experimental] - openssl 3.0.1-1 + - openssl <not-affected> (Vulnerable code not present) + NOTE: https://www.openssl.org/news/secadv/20211214.txt +CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...) + - gpac <unfixed> + [bullseye] - gpac <no-dsa> (Minor issue) + [buster] - gpac <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47 + NOTE: https://github.com/gpac/gpac/issues/2092 + NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db +CVE-2021-4042 + RESERVED +CVE-2021-4041 [Improper shell escaping in ansible-runner] + RESERVED + - ansible-runner 2.1.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074 + NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0) +CVE-2021-4040 + RESERVED + NOT-FOR-US: Red Hat AMQ Broker +CVE-2021-4039 + RESERVED +CVE-2021-44520 + RESERVED +CVE-2021-44519 + RESERVED +CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...) + NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android +CVE-2021-44517 + RESERVED +CVE-2021-44516 + RESERVED +CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...) + NOT-FOR-US: ManageEngine +CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...) + NOT-FOR-US: ManageEngine +CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...) + - tmate-ssh-server <unfixed> (bug #1001225) + [bullseye] - tmate-ssh-server <no-dsa> (Minor issue) + NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388 +CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...) 
+ - tmate-ssh-server <unfixed> (bug #1001225) + [bullseye] - tmate-ssh-server <no-dsa> (Minor issue) + NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388 +CVE-2021-44511 + RESERVED +CVE-2021-44510 + RESERVED +CVE-2021-44509 + RESERVED +CVE-2021-44508 + RESERVED +CVE-2021-44507 + RESERVED +CVE-2021-44506 + RESERVED +CVE-2021-44505 + RESERVED +CVE-2021-44504 + RESERVED +CVE-2021-44503 + RESERVED +CVE-2021-44502 + RESERVED +CVE-2021-44501 + RESERVED +CVE-2021-44500 + RESERVED +CVE-2021-44499 + RESERVED +CVE-2021-44498 + RESERVED +CVE-2021-44497 + RESERVED +CVE-2021-44496 + RESERVED +CVE-2021-44495 + RESERVED +CVE-2021-44494 + RESERVED +CVE-2021-44493 + RESERVED +CVE-2021-44492 + RESERVED +CVE-2021-44491 + RESERVED +CVE-2021-44490 + RESERVED +CVE-2021-44489 + RESERVED +CVE-2021-44488 + RESERVED +CVE-2021-44487 + RESERVED +CVE-2021-44486 + RESERVED +CVE-2021-44485 + RESERVED +CVE-2021-44484 + RESERVED +CVE-2021-44483 + RESERVED +CVE-2021-44482 + RESERVED +CVE-2021-44481 + RESERVED +CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...) + NOT-FOR-US: Wokka Lokka Q50 devices +CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...) + NOT-FOR-US: NXP Kinetis K82 devices +CVE-2021-44478 + RESERVED +CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...) 
+ NOT-FOR-US: McAfee +CVE-2021-44470 + RESERVED +CVE-2021-4037 [security regression for CVE-2018-13405] + RESERVED + - linux 5.14.6-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239 + NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1) +CVE-2021-4036 + RESERVED +CVE-2021-37409 + RESERVED +CVE-2021-37405 + RESERVED +CVE-2021-33847 + RESERVED +CVE-2021-26950 + RESERVED +CVE-2021-26258 + RESERVED +CVE-2021-26257 + RESERVED +CVE-2021-26251 + RESERVED +CVE-2021-23223 + RESERVED +CVE-2021-23179 + RESERVED +CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) + NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...) + NOT-FOR-US: Apache Superset +CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions < ...) 
+ NOT-FOR-US: Siemens +CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...) + NOT-FOR-US: Wocu Monitoring +CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) 
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) + NOT-FOR-US: Fresenius Kabi Agilia Link+ +CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) + NOT-FOR-US: Fresenius Kabi Vigilant MasterMed +CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) + NOT-FOR-US: Agilia Link+ +CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) + NOT-FOR-US: Serva +CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) + NOT-FOR-US: Pinkie +CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...) + NOT-FOR-US: Rosario Student Information System +CVE-2021-44426 + RESERVED +CVE-2021-44425 + RESERVED +CVE-2021-44424 + RESERVED +CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) + NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer +CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) 
+ NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44421 + RESERVED +CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) + - python-django 2:3.2.10-1 + [bullseye] - python-django 2:2.2.25-1~deb11u1 + [buster] - python-django <no-dsa> (Minor issue) + [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1 + NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ + NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) + NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25) +CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44394 + RESERVED +CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44375 + RESERVED +CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44366 + RESERVED +CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44357 + RESERVED +CVE-2021-44356 + RESERVED +CVE-2021-44355 + RESERVED +CVE-2021-44354 + RESERVED +CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...) 
+ {DSA-5059-1 DLA-2899-1} + - policykit-1 0.105-31.1 + NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt + NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11 +CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: kimai2 +CVE-2021-44353 + RESERVED +CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...) + NOT-FOR-US: Tenda +CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...) + NOT-FOR-US: NavigateCMS +CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via ...) + NOT-FOR-US: ThinkPHP5 +CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) + NOT-FOR-US: TuziCMS +CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) + NOT-FOR-US: TuziCMS +CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...) + NOT-FOR-US: TuziCMS +CVE-2021-44346 + RESERVED +CVE-2021-44345 + RESERVED +CVE-2021-44344 + RESERVED +CVE-2021-44343 + RESERVED +CVE-2021-44342 + RESERVED +CVE-2021-44341 + RESERVED +CVE-2021-44340 + RESERVED +CVE-2021-44339 + RESERVED +CVE-2021-44338 + RESERVED +CVE-2021-44337 + RESERVED +CVE-2021-44336 + RESERVED +CVE-2021-44335 + RESERVED +CVE-2021-44334 + RESERVED +CVE-2021-44333 + RESERVED +CVE-2021-44332 + RESERVED +CVE-2021-44331 + RESERVED +CVE-2021-44330 + RESERVED +CVE-2021-44329 + RESERVED +CVE-2021-44328 + RESERVED +CVE-2021-44327 + RESERVED +CVE-2021-44326 + RESERVED +CVE-2021-44325 + RESERVED +CVE-2021-44324 + RESERVED +CVE-2021-44323 + RESERVED +CVE-2021-44322 + RESERVED +CVE-2021-44321 + RESERVED +CVE-2021-44320 + RESERVED +CVE-2021-44319 + RESERVED +CVE-2021-44318 + RESERVED +CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...) 
+ NOT-FOR-US: Bus Pass Management System +CVE-2021-44316 + RESERVED +CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...) + NOT-FOR-US: Bus Pass Management System +CVE-2021-44314 + RESERVED +CVE-2021-44313 + RESERVED +CVE-2021-44312 + RESERVED +CVE-2021-44311 + RESERVED +CVE-2021-44310 + RESERVED +CVE-2021-44309 + RESERVED +CVE-2021-44308 + RESERVED +CVE-2021-44307 + RESERVED +CVE-2021-44306 + RESERVED +CVE-2021-44305 + RESERVED +CVE-2021-44304 + RESERVED +CVE-2021-44303 + RESERVED +CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...) + NOT-FOR-US: BaiCloud-cms +CVE-2021-44301 + RESERVED +CVE-2021-44300 + RESERVED +CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...) + NOT-FOR-US: Navigate CMS +CVE-2021-44298 + RESERVED +CVE-2021-44297 + RESERVED +CVE-2021-44296 + RESERVED +CVE-2021-44295 + RESERVED +CVE-2021-44294 + RESERVED +CVE-2021-44293 + RESERVED +CVE-2021-44292 + RESERVED +CVE-2021-44291 + RESERVED +CVE-2021-44290 + RESERVED +CVE-2021-44289 + RESERVED +CVE-2021-44288 + RESERVED +CVE-2021-44287 + RESERVED +CVE-2021-44286 + RESERVED +CVE-2021-44285 + RESERVED +CVE-2021-44284 + RESERVED +CVE-2021-44283 + RESERVED +CVE-2021-44282 + RESERVED +CVE-2021-44281 + RESERVED +CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...) + NOT-FOR-US: attendance management system +CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: LibreNMS +CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...) + NOT-FOR-US: LibreNMS +CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: LibreNMS +CVE-2021-44276 + RESERVED +CVE-2021-44275 + RESERVED +CVE-2021-44274 + RESERVED +CVE-2021-44273 (e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate ...) 
+ - e2guardian 5.3.5-3 (bug #1003125) + [bullseye] - e2guardian <no-dsa> (Minor issue) + [buster] - e2guardian <no-dsa> (Minor issue) + [stretch] - e2guardian <no-dsa> (Minor issue; can be fixed later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2 + NOTE: https://github.com/e2guardian/e2guardian/issues/707 + NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2 +CVE-2021-44272 + RESERVED +CVE-2021-44271 + RESERVED +CVE-2021-44270 + RESERVED +CVE-2021-44269 + RESERVED +CVE-2021-44268 + RESERVED +CVE-2021-44267 + RESERVED +CVE-2021-44266 + RESERVED +CVE-2021-44265 + RESERVED +CVE-2021-44264 + RESERVED +CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...) + NOT-FOR-US: Gurock TestRail +CVE-2021-44262 + RESERVED +CVE-2021-44261 + RESERVED +CVE-2021-44260 + RESERVED +CVE-2021-44259 + RESERVED +CVE-2021-44258 + RESERVED +CVE-2021-44257 + RESERVED +CVE-2021-44256 + RESERVED +CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Moti ...) + NOT-FOR-US: MotionEye +CVE-2021-44254 + RESERVED +CVE-2021-44253 + RESERVED +CVE-2021-44252 + RESERVED +CVE-2021-44251 + RESERVED +CVE-2021-44250 + RESERVED +CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...) + NOT-FOR-US: Online Motorcycle (Bike) Rental System +CVE-2021-44248 + RESERVED +CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) + NOT-FOR-US: Totolink +CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) + NOT-FOR-US: Totolink +CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) + NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS) +CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) 
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System +CVE-2021-44243 + RESERVED +CVE-2021-44242 + RESERVED +CVE-2021-44241 + RESERVED +CVE-2021-44240 + RESERVED +CVE-2021-44239 + RESERVED +CVE-2021-44238 + RESERVED +CVE-2021-44237 + RESERVED +CVE-2021-44236 + RESERVED +CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) + - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) + NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) +CVE-2021-4031 + RESERVED +CVE-2021-4030 + RESERVED +CVE-2021-4029 + RESERVED +CVE-2021-4028 [use-after-free in RDMA listen()] + RESERVED + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201 + NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4) +CVE-2021-4027 + RESERVED +CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...) + NOT-FOR-US: bookstack +CVE-2021-4025 + RESERVED +CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...) + NOT-FOR-US: SAP +CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...) + NOT-FOR-US: SAP +CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...) + NOT-FOR-US: SAP +CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...) + NOT-FOR-US: SAP +CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...) + NOT-FOR-US: SAP +CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...) + NOT-FOR-US: Burp Suite (different from src:burp) +CVE-2021-44229 + RESERVED +CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...) 
+ {DSA-5020-1 DLA-2842-1} + - apache-log4j2 2.15.0-1 (bug #1001478) + - apache-log4j1.2 <not-affected> (Vulnerable code not present) + NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q + NOTE: https://github.com/apache/logging-log4j2/pull/608 + NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/ + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198 + NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3 + NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence + NOTE: the vulnerability can still be triggered using a ParametrizedMessage. +CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...) + - libpod 3.4.3+ds1-1 (bug #1000844) + [bullseye] - libpod <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675 + NOTE: https://twitter.com/discordianfish/status/1463462371675066371 + NOTE: https://github.com/containers/podman/pull/12283 + NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1) + NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main) + NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3) +CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...) 
+ - mailman <removed> + [buster] - mailman <no-dsa> (Minor issue) + [stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA) + NOTE: https://bugs.launchpad.net/mailman/+bug/1952384 + NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt + NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694 + NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt +CVE-2021-44226 + RESERVED +CVE-2021-4023 + RESERVED +CVE-2021-4022 + RESERVED +CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...) + - keepalived 1:2.2.4-0.2 + [bullseye] - keepalived 1:2.1.5-0.2+deb11u1 + [buster] - keepalived <no-dsa> (Minor issue) + [stretch] - keepalived <no-dsa> (Minor issue) + NOTE: https://github.com/acassen/keepalived/pull/2063 + NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d +CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...) + {DSA-5035-1 DLA-2907-1} + - apache2 2.4.52-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 + NOTE: Fixed by: https://svn.apache.org/r1895955 + NOTE: Fixed by: https://svn.apache.org/r1896044 +CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) + - wordpress 5.8.1+dfsg1-1 + [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + [stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. 
Further mitigation + NOTE: options documented in: + NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ + NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ +CVE-2021-44222 + RESERVED +CVE-2021-44221 + RESERVED +CVE-2021-4021 + RESERVED + - radare2 <unfixed> + NOTE: https://github.com/radareorg/radare2/issues/19436 +CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) + - janus 0.11.5-4 (unimportant; bug #1000831) + NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/ + NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd + NOTE: Issues only in janus-demos built from src:janus +CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 + NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669) +CVE-2021-44220 + RESERVED +CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...) + NOT-FOR-US: Gin-Vue-Admin +CVE-2021-44218 + RESERVED +CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...) + NOT-FOR-US: Ericsson +CVE-2021-44216 + RESERVED +CVE-2021-44215 + RESERVED +CVE-2021-44214 + RESERVED +CVE-2021-44213 + RESERVED +CVE-2021-44212 + RESERVED +CVE-2021-44211 + RESERVED +CVE-2021-44210 + RESERVED +CVE-2021-44209 + RESERVED +CVE-2021-44208 + RESERVED +CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...) + NOT-FOR-US: Acclaim USAHERDS +CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: ShowDoc +CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...) + NOT-FOR-US: Acronis +CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + NOT-FOR-US: Acronis +CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...) + NOT-FOR-US: Acronis +CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...) + NOT-FOR-US: Acronis +CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...) + NOT-FOR-US: Acronis +CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...) + NOT-FOR-US: Acronis +CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...) + NOT-FOR-US: Acronis +CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...) + NOT-FOR-US: Acronis +CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...) + NOT-FOR-US: Acronis +CVE-2021-44197 + RESERVED +CVE-2021-44196 + RESERVED +CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) + NOT-FOR-US: Rapid7 Insight Agent +CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-4014 + RESERVED +CVE-2021-4013 + RESERVED +CVE-2021-4012 + RESERVED +CVE-2021-44195 + RESERVED +CVE-2021-44194 + RESERVED +CVE-2021-44193 + RESERVED +CVE-2021-44192 + RESERVED +CVE-2021-44191 + RESERVED +CVE-2021-44190 + RESERVED +CVE-2021-44189 + RESERVED +CVE-2021-44188 + RESERVED +CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2021-44184 + RESERVED +CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...) + NOT-FOR-US: Adobe +CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44175 + RESERVED +CVE-2021-44174 + RESERVED +CVE-2021-44173 + RESERVED +CVE-2021-44172 + RESERVED +CVE-2021-44171 + RESERVED +CVE-2021-44170 + RESERVED +CVE-2021-44169 + RESERVED +CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) + NOT-FOR-US: FortiGuard +CVE-2021-44167 + RESERVED +CVE-2021-44166 + RESERVED +CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + NOT-FOR-US: Siemens +CVE-2021-44164 (Chain Sea ai chatbot system’s file upload function has insuffici ...) + NOT-FOR-US: Chain Sea +CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...) + NOT-FOR-US: Chain Sea +CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function ha ...) + NOT-FOR-US: Chain Sea +CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system’s specific funct ...) + NOT-FOR-US: MOTP (Mobile One Time Password) system& +CVE-2021-44160 (Carinal Tien Hospital Health Report System’s login page has impr ...) 
+ NOT-FOR-US: Carinal Tien Hospital Health Report System& +CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...) + NOT-FOR-US: 4MOSAn GCB Doctor +CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...) + NOT-FOR-US: ASUS +CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768 +CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} + - xorg-server 2:1.20.13-3 + [stretch] - xorg-server <not-affected> (Vulnerable code introduced later) + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21 +CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02 +CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 +CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...) + NOT-FOR-US: Rapid7 Insight Agent +CVE-2021-4006 + RESERVED +CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: firefly-iii +CVE-2021-44157 + RESERVED +CVE-2021-44156 + RESERVED +CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...) + NOT-FOR-US: tusdotnet +CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...) + NOT-FOR-US: Linaro/OP-TEE OP-TEE +CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...) + NOT-FOR-US: GL.iNet +CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...) + NOT-FOR-US: Claris +CVE-2021-44146 + RESERVED +CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...) + NOT-FOR-US: Apache NiFi +CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...) + NOT-FOR-US: Croatia Control Asterix +CVE-2021-4004 + RESERVED +CVE-2021-4003 + RESERVED +CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare] + RESERVED + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1 + NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890 +CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...) 
+ - isync 1.4.4-1 (bug #999804) + [bullseye] - isync <not-affected> (Vulnerable code introduced later) + [buster] - isync <not-affected> (Vulnerable code introduced later) + [stretch] - isync <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2 +CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...) + {DSA-5071-1} + - samba <unfixed> (bug #1004693) + NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/ +CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...) + - samba <unfixed> (bug #1004692) + [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911 +CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...) + - jspwiki <removed> +CVE-2021-44139 + RESERVED +CVE-2021-44138 + RESERVED +CVE-2021-44137 + RESERVED +CVE-2021-44136 + RESERVED +CVE-2021-44135 + RESERVED +CVE-2021-44134 + RESERVED +CVE-2021-44133 + RESERVED +CVE-2021-44132 + RESERVED +CVE-2021-44131 + RESERVED +CVE-2021-44130 + RESERVED +CVE-2021-44129 + RESERVED +CVE-2021-44128 + RESERVED +CVE-2021-44127 + RESERVED +CVE-2021-44126 + RESERVED +CVE-2021-44125 + RESERVED +CVE-2021-44124 + RESERVED +CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...) 
+ {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master) + NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db + NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44121 + REJECTED +CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 + NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44119 + RESERVED +CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba + NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a + NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44117 + RESERVED +CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12 ...) + NOT-FOR-US: Anchor CMS +CVE-2021-44115 + RESERVED +CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...) + NOT-FOR-US: Sourcecodester +CVE-2021-44113 + RESERVED +CVE-2021-44112 + RESERVED +CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...) 
+ NOT-FOR-US: S-Cart +CVE-2021-44110 + RESERVED +CVE-2021-44109 + RESERVED +CVE-2021-44108 + RESERVED +CVE-2021-44107 + RESERVED +CVE-2021-44106 + RESERVED +CVE-2021-44105 + RESERVED +CVE-2021-44104 + RESERVED +CVE-2021-44103 + RESERVED +CVE-2021-44102 + RESERVED +CVE-2021-44101 + RESERVED +CVE-2021-44100 + RESERVED +CVE-2021-44099 + RESERVED +CVE-2021-44098 + RESERVED +CVE-2021-44097 + RESERVED +CVE-2021-44096 + RESERVED +CVE-2021-44095 + RESERVED +CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...) + NOT-FOR-US: zrlog +CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) + NOT-FOR-US: zrlog +CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) + NOT-FOR-US: code-projects Pharmacy Management +CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) + NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System +CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) + NOT-FOR-US: Sourcecodester Online Reviewer System +CVE-2021-44089 + RESERVED +CVE-2021-44088 + RESERVED +CVE-2021-44087 + RESERVED +CVE-2021-44086 + RESERVED +CVE-2021-44085 + RESERVED +CVE-2021-44084 + RESERVED +CVE-2021-44083 + RESERVED +CVE-2021-44082 + RESERVED +CVE-2021-44081 + RESERVED +CVE-2021-44080 + RESERVED +CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53 +CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...) 
+ NOT-FOR-US: ShowDoc +CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()] + RESERVED + - glibc 2.33-4 + [bullseye] - glibc <no-dsa> (Minor issue) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c +CVE-2021-3998 [Unexpected return value from realpath() for too long results] + RESERVED + - glibc 2.33-4 + [bullseye] - glibc <no-dsa> (Minor issue) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770 + NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/ + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5 +CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles] + RESERVED + - systemd 250.2-1 (bug #1003467) + [bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release) + [buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840) + [stretch] - systemd <ignored> (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639 + NOTE: https://github.com/systemd/systemd/pull/22070 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2 + NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c 
(v242-rc1) + NOTE: PoC still crashes on jessie/215-17+deb8u14 + NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11 + NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1 +CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...) + NOT-FOR-US: Wazuh +CVE-2021-3996 + RESERVED + {DSA-5055-1} + - util-linux 2.37.3-1 + [buster] - util-linux <not-affected> (Vulnerable code introduced later) + [stretch] - util-linux <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1) + NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3) + NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2 +CVE-2021-3995 + RESERVED + {DSA-5055-1} + - util-linux 2.37.3-1 + [buster] - util-linux <not-affected> (Vulnerable code introduced later) + [stretch] - util-linux <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1) + NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3) + NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2 +CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) + NOT-FOR-US: django-helpdesk +CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: ShowDoc +CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...) + NOT-FOR-US: kimai2 +CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...) + NOT-FOR-US: Unicorn Engine +CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3991 + RESERVED +CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) + NOT-FOR-US: ShowDoc +CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...) + NOT-FOR-US: ShowDoc +CVE-2021-3988 + RESERVED +CVE-2021-3987 + RESERVED +CVE-2021-3986 + RESERVED +CVE-2021-44076 + RESERVED +CVE-2021-44075 + RESERVED +CVE-2021-44074 + RESERVED +CVE-2021-44073 + RESERVED +CVE-2021-44072 + RESERVED +CVE-2021-44071 + RESERVED +CVE-2021-44070 + RESERVED +CVE-2021-44069 + RESERVED +CVE-2021-44068 + RESERVED +CVE-2021-44067 + RESERVED +CVE-2021-44066 + RESERVED +CVE-2021-44065 + RESERVED +CVE-2021-44064 + RESERVED +CVE-2021-44063 + RESERVED +CVE-2021-44062 + RESERVED +CVE-2021-44061 + RESERVED +CVE-2021-44060 + RESERVED +CVE-2021-44059 + RESERVED +CVE-2021-44058 + RESERVED +CVE-2021-44057 + RESERVED +CVE-2021-44056 + RESERVED +CVE-2021-44055 + RESERVED +CVE-2021-44054 + RESERVED +CVE-2021-44053 + RESERVED +CVE-2021-44052 + RESERVED +CVE-2021-44051 + RESERVED +CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...) + NOT-FOR-US: CA Network Flow Analysis (NFA) +CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...) + NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM) +CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...) + NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer +CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...) 
+ NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...) + NOT-FOR-US: UiPath +CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...) + NOT-FOR-US: UiPath +CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...) + NOT-FOR-US: UiPath +CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: kimai2 +CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3995-1 (bug #1001896) + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a + NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625) +CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: kimai2 +CVE-2021-44040 + RESERVED +CVE-2021-44039 + RESERVED +CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...) + - quagga <removed> + [buster] - quagga <no-dsa> (Minor issue) + [stretch] - quagga <postponed> (revisit when/if fixed upstream) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890 + NOTE: Debian installed systemd unit files install the problematic redhat/*.service + NOTE: files with the unsafe chmod/chown calls in the Debian packaging. +CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...) 
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager) +CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...) + NOT-FOR-US: Team Password Manager (aka TeamPasswordManager) +CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...) + NOT-FOR-US: Wolters Kluwer TeamMate AM +CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation] + RESERVED + - gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 +CVE-2021-3981 [Incorrect permission in grub.cfg allow unprivileged user to read the file content] + RESERVED + - grub2 <unfixed> (bug #1001414) + [bullseye] - grub2 <not-affected> (Vulnerable code introduced later) + [buster] - grub2 <not-affected> (Vulnerable code introduced later) + [stretch] - grub2 <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170 + NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1) + NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html +CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...) + - elgg <itp> (bug #526197) +CVE-2021-3979 [ceph: Ceph volume does not honour osd_dmcrypt_key_size] + RESERVED + - ceph <unfixed> + [bullseye] - ceph <no-dsa> (Minor issue) + [buster] - ceph <no-dsa> (Minor issue) + [stretch] - ceph <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5 +CVE-2021-44034 + RESERVED +CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...) 
+ NOT-FOR-US: Ionic Identity Vault +CVE-2021-44032 + RESERVED +CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44027 + RESERVED +CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...) + NOT-FOR-US: Trend Micro +CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...) + NOT-FOR-US: Trend Micro +CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...) + NOT-FOR-US: Trend Micro +CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...) + NOT-FOR-US: Trend Micro +CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...) + NOT-FOR-US: Trend Micro +CVE-2021-3978 + RESERVED +CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: invoiceninja +CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) 
+ NOT-FOR-US: Siemens +CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: Siemens +CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...) 
+ - guacamole-client <unfixed> + [stretch] - guacamole-client <not-affected> (SAML is not supported) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7 +CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: kimai2 +CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung] + RESERVED + - libvirt 7.6.0-1 + [bullseye] - libvirt <no-dsa> (Minor issue) + [buster] - libvirt <no-dsa> (Minor issue) + [stretch] - libvirt <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326 + NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2) +CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...) + {DSA-5013-1 DLA-2840-1} + - roundcube 1.5.0+dfsg.1-1 (bug #1000156) + NOTE: https://github.com/roundcube/roundcubemail/issues/8193 + NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12) + NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17) +CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...) + {DSA-5013-1 DLA-2840-1} + - roundcube 1.5.0+dfsg.1-1 (bug #1000156) + NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12) + NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17) +CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...) + NOT-FOR-US: Amazon FreeRTOS +CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...) 
+ NOT-FOR-US: Laravel Ignition component +CVE-2021-43995 + RESERVED +CVE-2021-43994 + RESERVED +CVE-2021-43993 + RESERVED +CVE-2021-43992 + RESERVED +CVE-2021-43991 (The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable t ...) + NOT-FOR-US: Kentico Xperience CMS +CVE-2021-43990 + RESERVED +CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-43988 + RESERVED +CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-43986 + RESERVED +CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...) + NOT-FOR-US: WECON LeviStudioU +CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...) + NOT-FOR-US: Delta +CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-43980 + RESERVED +CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...) + NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper +CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...) + NOT-FOR-US: Allegro WIndows +CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...) + NOT-FOR-US: SmarterTools +CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...) + - linux 5.15.15-2 + NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/ +CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...) 
+ - linux 5.15.5-2 + [bullseye] - linux 5.10.84-1 + NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/ +CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...) + NOT-FOR-US: SysAid ITIL +CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...) + NOT-FOR-US: SysAid ITIL +CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...) + NOT-FOR-US: SysAid ITIL +CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...) + NOT-FOR-US: SysAid ITIL +CVE-2021-43970 + RESERVED +CVE-2021-43969 + RESERVED +CVE-2021-43968 + RESERVED +CVE-2021-43967 + RESERVED +CVE-2021-43966 + RESERVED +CVE-2021-43965 + RESERVED +CVE-2021-43964 + RESERVED +CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...) + NOT-FOR-US: Couchbase Sync Gateway +CVE-2021-43962 + RESERVED +CVE-2021-43961 + RESERVED +CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...) + NOT-FOR-US: Lorensbergs Connect2 +CVE-2021-3974 (vim is vulnerable to Use After Free ...) + - vim 2:8.2.3995-1 (bug #1001897) + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4 + NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612) +CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...) 
+ - vim 2:8.2.3995-1 (bug #1001899) + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e + NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611) +CVE-2021-3972 + RESERVED +CVE-2021-3971 + RESERVED +CVE-2021-3970 + RESERVED +CVE-2021-3969 + RESERVED +CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3995-1 (bug #1001900) + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <not-affected> (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/ + NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610) +CVE-2021-43959 + RESERVED +CVE-2021-43958 + RESERVED +CVE-2021-43957 + RESERVED +CVE-2021-43956 + RESERVED +CVE-2021-43955 + RESERVED +CVE-2021-43954 + RESERVED +CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-43945 + RESERVED +CVE-2021-43944 + RESERVED +CVE-2021-43943 + RESERVED +CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...) + NOT-FOR-US: Atlassian Confluence +CVE-2021-43939 + RESERVED +CVE-2021-43938 + RESERVED +CVE-2021-43937 + RESERVED +CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...) + NOT-FOR-US: Distributed Data Systems +CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...) + NOT-FOR-US: Hillrom +CVE-2021-43934 + RESERVED +CVE-2021-43933 + RESERVED +CVE-2021-43932 + RESERVED +CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...) + NOT-FOR-US: Distributed Data Systems +CVE-2021-43930 + RESERVED +CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...) + NOT-FOR-US: Synology +CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...) 
+ NOT-FOR-US: Synology +CVE-2021-43924 + RESERVED +CVE-2021-43923 + RESERVED +CVE-2021-43922 + RESERVED +CVE-2021-43921 + RESERVED +CVE-2021-43920 + RESERVED +CVE-2021-43919 + RESERVED +CVE-2021-43918 + RESERVED +CVE-2021-43917 + RESERVED +CVE-2021-43916 + RESERVED +CVE-2021-43915 + RESERVED +CVE-2021-43914 + RESERVED +CVE-2021-43913 + RESERVED +CVE-2021-43912 + RESERVED +CVE-2021-43911 + RESERVED +CVE-2021-43910 + RESERVED +CVE-2021-43909 + RESERVED +CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43906 + RESERVED +CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43904 + RESERVED +CVE-2021-43903 + RESERVED +CVE-2021-43902 + RESERVED +CVE-2021-43901 + RESERVED +CVE-2021-43900 + RESERVED +CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-43898 + RESERVED +CVE-2021-43897 + RESERVED +CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43895 + RESERVED +CVE-2021-43894 + RESERVED +CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43887 + RESERVED +CVE-2021-43886 + RESERVED +CVE-2021-43885 + RESERVED +CVE-2021-43884 + RESERVED +CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43881 + RESERVED +CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43879 + RESERVED +CVE-2021-43878 + RESERVED +CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...) + NOT-FOR-US: .NET core +CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43874 + RESERVED +CVE-2021-43873 + RESERVED +CVE-2021-43872 + RESERVED +CVE-2021-43871 + RESERVED +CVE-2021-43870 + RESERVED +CVE-2021-43869 + RESERVED +CVE-2021-43868 + RESERVED +CVE-2021-43867 + RESERVED +CVE-2021-43866 + RESERVED +CVE-2021-43865 + RESERVED +CVE-2021-43864 + RESERVED +CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) + NOT-FOR-US: Nextcloud Android app +CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...) + NOT-FOR-US: jQuery Terminal Emulator +CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...) + - node-mermaid 8.13.8+~cs10.4.16-1 + [bullseye] - node-mermaid <no-dsa> (Minor issue) + NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v + NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 +CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...) 
+ {DSA-5049-1} + - flatpak 1.12.3-1 + [buster] - flatpak <ignored> (Intrusive and risky to backport) + [stretch] - flatpak <ignored> (Intrusive and risky to backport) + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j + NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e + NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee + NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 + NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 +CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) + {DLA-2924-1} + - libxstream-java <unfixed> + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf + NOTE: https://x-stream.github.io/CVE-2021-43859.html + NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846 +CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) + NOT-FOR-US: MinIO +CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) + NOT-FOR-US: Gerapy +CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...) + NOT-FOR-US: Wiki.js +CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...) + NOT-FOR-US: Wiki.js +CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...) 
+ - nltk 3.6.7-1 (bug #1002623) + [bullseye] - nltk <no-dsa> (Minor issue) + [buster] - nltk <no-dsa> (Minor issue) + [stretch] - nltk <no-dsa> (Minor issue) + NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x + NOTE: https://github.com/nltk/nltk/issues/2866 + NOTE: https://github.com/nltk/nltk/pull/2869 + NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6) +CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...) + NOT-FOR-US: Ajax.NET Professional +CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...) + NOT-FOR-US: OroPlatform +CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...) + NOT-FOR-US: cordova-plugin-fingerprint-aio +CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...) + - h2o <not-affected> (Vulnerable code not yet uploaded) + NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4 + NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060 + NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844 +CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...) + NOT-FOR-US: HumHub Social Network Kit Enterprise +CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) + NOT-FOR-US: solidus_frontend +CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) 
+ - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh + NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 + NOTE: https://github.com/pjsip/pjproject/pull/2924 +CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) + NOT-FOR-US: MSEdgeRedirect +CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) + NOT-FOR-US: jsx-slack +CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) + NOT-FOR-US: Wiki.js +CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...) + NOT-FOR-US: XWiki +CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) + NOT-FOR-US: Discourse Message Bus middleware +CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) + NOT-FOR-US: Cronos +CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...) + NOT-FOR-US: jsx-slack +CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...) + NOT-FOR-US: Hashicorp vault-cli +CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) + NOT-FOR-US: eLabFTW +CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) + NOT-FOR-US: eLabFTW +CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) + NOT-FOR-US: Spinnaker +CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...) 
+ NOT-FOR-US: gradio +CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...) + NOT-FOR-US: OpenProject +CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...) + NOT-FOR-US: PatrOwl +CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...) + NOT-FOR-US: PatrOwl +CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...) + NOT-FOR-US: discourse-footnote +CVE-2021-43826 + RESERVED +CVE-2021-43825 + RESERVED +CVE-2021-43824 + RESERVED +CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) + NOT-FOR-US: Sourcegraph +CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...) + NOT-FOR-US: Jackalope Doctrine-DBAL +CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video Management for ...) + NOT-FOR-US: Opencast +CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...) + - seafile-server <itp> (bug #865830) + NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8 + NOTE: https://github.com/haiwen/seafile-server/pull/520 +CVE-2021-43819 + RESERVED +CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...) + {DSA-5043-1 DLA-2871-1} + - lxml 4.7.1-1 (bug #1001885) + NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 + NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5) + NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5) +CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...) + NOT-FOR-US: Collabora Online +CVE-2021-43816 (containerd is an open source container runtime. On installations using ...) 
+ - containerd 1.5.9~ds1-1 + [bullseye] - containerd <not-affected> (Vulnerable code introduced in 1.5.0) + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c + NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620 +CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana <removed> +CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana <removed> +CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...) + NOT-FOR-US: Auth0 Next.js SDK +CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...) + NOT-FOR-US: Sockeye +CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...) + NOT-FOR-US: Admidio +CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...) + - rubygems 3.3.5-1 + NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43 + NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0) + NOTE: https://github.com/rubygems/rubygems/pull/5142 +CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) + - php-laravel-framework 6.20.14+dfsg-3 (bug #1001333) + [bullseye] - php-laravel-framework <no-dsa> (Minor issue; can be fixed via point release) + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw + NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42) +CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for ...) + NOT-FOR-US: Opencast +CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) 
+ NOT-FOR-US: Tuleap +CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) + NOT-FOR-US: Solidus +CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 + NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e +CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...) + NOT-FOR-US: next.js +CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...) + - etherpad-lite <itp> (bug #576998) +CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...) + NOT-FOR-US: Mercurius +CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...) + NOT-FOR-US: Wiki.js +CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...) + - zulip-server <itp> (bug #800052) +CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana <removed> +CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) + - netty <unfixed> (bug #1001437) + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) + [stretch] - netty <no-dsa> (Minor issue) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq + NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final) +CVE-2021-43796 + RESERVED +CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...) + NOT-FOR-US: Armeria +CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...) 
+ NOT-FOR-US: Discourse +CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...) + - zulip-server <itp> (bug #800052) +CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...) + NOT-FOR-US: Lucet +CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...) + NOT-FOR-US: PrestaShop +CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...) + NOT-FOR-US: Nodebb +CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...) + NOT-FOR-US: Nodebb +CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...) + NOT-FOR-US: Nodebb +CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...) + NOT-FOR-US: @joeattardi/emoji-button +CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...) + {DLA-2841-1} + - runc 1.0.3+ds1-1 + [bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0) + [buster] - runc <ignored> (Minor issue; not exploitable in 1.0.0) + NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1 + NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae +CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...) + NOT-FOR-US: @backstage/plugin-scaffolder-backend +CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) + NOT-FOR-US: Tuleap +CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...) + NOT-FOR-US: Invenio-Drafts-Resources +CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...) 
+ NOT-FOR-US: Redash +CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...) + - glpi <removed> (unimportant) + NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...) + NOT-FOR-US: GLPI plugin +CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) + NOT-FOR-US: Redash +CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...) + NOT-FOR-US: Backstage +CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) + NOT-FOR-US: Aim +CVE-2021-3967 + RESERVED +CVE-2021-3966 + RESERVED +CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...) + NOT-FOR-US: HP +CVE-2021-43774 + RESERVED +CVE-2021-43773 + RESERVED +CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...) + NOT-FOR-US: Trend Micro +CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...) + NOT-FOR-US: Trend Micro +CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...) + - elgg <itp> (bug #526197) +CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: kimai2 +CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...) + - imagemagick <not-affected> (Specific to 7.x) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e +CVE-2021-43770 + RESERVED +CVE-2021-43769 + RESERVED +CVE-2021-43768 + RESERVED +CVE-2021-43767 + RESERVED +CVE-2021-43766 + RESERVED +CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) 
+ NOT-FOR-US: Adobe +CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) + NOT-FOR-US: Adobe +CVE-2021-43760 + RESERVED +CVE-2021-43759 + RESERVED +CVE-2021-43758 + RESERVED +CVE-2021-43757 + RESERVED +CVE-2021-43756 + RESERVED +CVE-2021-43755 + RESERVED +CVE-2021-43754 + RESERVED +CVE-2021-43753 + RESERVED +CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-43751 + RESERVED +CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + NOT-FOR-US: Adobe +CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + NOT-FOR-US: Adobe +CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...) + NOT-FOR-US: Adobe +CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) + NOT-FOR-US: Adobe +CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Bitdefender +CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) + NOT-FOR-US: Bitdefender +CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...) 
+ NOT-FOR-US: iPack SCADA Automation +CVE-2021-43745 + RESERVED +CVE-2021-43744 + RESERVED +CVE-2021-43743 + RESERVED +CVE-2021-43742 + RESERVED +CVE-2021-43741 + RESERVED +CVE-2021-43740 + RESERVED +CVE-2021-43739 + RESERVED +CVE-2021-43738 + RESERVED +CVE-2021-43737 + RESERVED +CVE-2021-43736 + RESERVED +CVE-2021-43735 + RESERVED +CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...) + NOT-FOR-US: kkFileview +CVE-2021-43733 + RESERVED +CVE-2021-43732 + RESERVED +CVE-2021-43731 + RESERVED +CVE-2021-43730 + RESERVED +CVE-2021-43729 + RESERVED +CVE-2021-43728 + RESERVED +CVE-2021-43727 + RESERVED +CVE-2021-43726 + RESERVED +CVE-2021-43725 + RESERVED +CVE-2021-43724 + RESERVED +CVE-2021-43723 + RESERVED +CVE-2021-43722 + RESERVED +CVE-2021-43721 + RESERVED +CVE-2021-43720 + RESERVED +CVE-2021-43719 + RESERVED +CVE-2021-43718 + RESERVED +CVE-2021-43717 + RESERVED +CVE-2021-43716 + RESERVED +CVE-2021-43715 + RESERVED +CVE-2021-43714 + RESERVED +CVE-2021-43713 + RESERVED +CVE-2021-43712 + RESERVED +CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-43710 + RESERVED +CVE-2021-43709 + RESERVED +CVE-2021-43708 + RESERVED +CVE-2021-43707 + RESERVED +CVE-2021-43706 + RESERVED +CVE-2021-43705 + RESERVED +CVE-2021-43704 + RESERVED +CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...) + NOT-FOR-US: zzcms +CVE-2021-43702 + RESERVED +CVE-2021-43701 + RESERVED +CVE-2021-43700 + RESERVED +CVE-2021-43699 + RESERVED +CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...) + NOT-FOR-US: phpWhois +CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...) + NOT-FOR-US: Workerman-ThinkPHP-Redis +CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...) 
+ NOT-FOR-US: twmap +CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...) + NOT-FOR-US: issabelPBX +CVE-2021-43694 + RESERVED +CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...) + NOT-FOR-US: Vesta Control Panel +CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...) + NOT-FOR-US: youtube-php-mirroring +CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...) + NOT-FOR-US: tripexpress +CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: YurunProxy +CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...) + NOT-FOR-US: thinkphp manage +CVE-2021-43688 + RESERVED +CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...) + NOT-FOR-US: nZEDb +CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...) + - libretime <itp> (bug #888687) +CVE-2021-43684 + RESERVED +CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...) + NOT-FOR-US: pictshare +CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...) + NOT-FOR-US: ThinkPHP BJY Blog +CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...) + NOT-FOR-US: SakuraPanel +CVE-2021-43680 + RESERVED +CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...) + NOT-FOR-US: ecshop +CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...) + NOT-FOR-US: Wechat-php-sdk +CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...) 
+ NOT-FOR-US: Fluxbb +CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...) + NOT-FOR-US: matyhtf framework +CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: Lychee-v3 +CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...) + NOT-FOR-US: ThinkUp +CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...) + NOT-FOR-US: dzzoffice +CVE-2021-43672 + RESERVED +CVE-2021-43671 + RESERVED +CVE-2021-43670 + RESERVED +CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) + NOT-FOR-US: HyperLedger +CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...) + - golang-github-go-ethereum <itp> (bug #890541) + NOTE: https://github.com/ethereum/go-ethereum/issues/23866 +CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...) + NOT-FOR-US: HyperLedger +CVE-2021-43666 + RESERVED +CVE-2021-43665 + RESERVED +CVE-2021-43664 + RESERVED +CVE-2021-43663 + RESERVED +CVE-2021-43662 + RESERVED +CVE-2021-43661 + RESERVED +CVE-2021-43660 + RESERVED +CVE-2021-43659 + RESERVED +CVE-2021-43658 + RESERVED +CVE-2021-43657 + RESERVED +CVE-2021-43656 + RESERVED +CVE-2021-43655 + RESERVED +CVE-2021-43654 + RESERVED +CVE-2021-43653 + RESERVED +CVE-2021-43652 + RESERVED +CVE-2021-43651 + RESERVED +CVE-2021-43650 + RESERVED +CVE-2021-43649 + RESERVED +CVE-2021-43648 + RESERVED +CVE-2021-43647 + RESERVED +CVE-2021-43646 + RESERVED +CVE-2021-43645 + RESERVED +CVE-2021-43644 + RESERVED +CVE-2021-43643 + RESERVED +CVE-2021-43642 + RESERVED +CVE-2021-43641 + RESERVED +CVE-2021-43640 + RESERVED +CVE-2021-43639 + RESERVED +CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...) + NOT-FOR-US: Amazon +CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...) 
+ NOT-FOR-US: Amazon +CVE-2021-43636 + RESERVED +CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...) + NOT-FOR-US: Codex +CVE-2021-43634 + RESERVED +CVE-2021-43633 + RESERVED +CVE-2021-43632 + RESERVED +CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: Projectworlds Hospital Management System +CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: Projectworlds Hospital Management System +CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: Projectworlds Hospital Management System +CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: Projectworlds Hospital Management System +CVE-2021-43627 + RESERVED +CVE-2021-43626 + RESERVED +CVE-2021-43625 + RESERVED +CVE-2021-43624 + RESERVED +CVE-2021-43623 + RESERVED +CVE-2021-43622 + RESERVED +CVE-2021-43621 + RESERVED +CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...) + NOT-FOR-US: Rust crate fruity +CVE-2021-43619 + RESERVED +CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...) + {DLA-2837-1} + - gmp 2:6.2.1+dfsg-3 (bug #994405) + [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1 + [buster] - gmp <no-dsa> (Minor issue) + NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html + NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e +CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...) + - php-laravel-framework 6.20.14+dfsg-3 (bug #1002728) + [bullseye] - php-laravel-framework <no-dsa> (Can be fixed via point release) + NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b +CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: kimai2 +CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...) + - npm <unfixed> + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) + NOTE: https://github.com/npm/cli/issues/2701 +CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...) + NOT-FOR-US: Insyde +CVE-2021-43614 + RESERVED +CVE-2021-43613 + RESERVED +CVE-2021-43612 [crash in SONMP decoder] + RESERVED + - lldpd 1.0.13-1 + [bullseye] - lldpd 1.0.11-1+deb11u1 + [buster] - lldpd <no-dsa> (Minor issue) + [stretch] - lldpd <no-dsa> (Minor issue) + NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13) +CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...) + NOT-FOR-US: Belledonne Belle-sip +CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...) + NOT-FOR-US: Belledonne Belle-sip +CVE-2021-43609 + RESERVED +CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...) + - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0) + NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and + NOTE: only present in experimental suite. + NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622 +CVE-2021-43607 + RESERVED +CVE-2021-43606 + RESERVED +CVE-2021-43605 + RESERVED +CVE-2021-43604 + RESERVED +CVE-2021-43603 + RESERVED +CVE-2021-43602 + RESERVED +CVE-2021-43601 + RESERVED +CVE-2021-43600 + RESERVED +CVE-2021-43599 + RESERVED +CVE-2021-43598 + RESERVED +CVE-2021-43597 + RESERVED +CVE-2021-43596 + RESERVED +CVE-2021-43595 + RESERVED +CVE-2021-43594 + RESERVED +CVE-2021-43593 + RESERVED +CVE-2021-43592 + RESERVED +CVE-2021-43591 + RESERVED +CVE-2021-43590 + RESERVED +CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...) 
+ NOT-FOR-US: EMC +CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...) + NOT-FOR-US: EMC +CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...) + NOT-FOR-US: Dell +CVE-2021-43586 + RESERVED +CVE-2021-43585 + RESERVED +CVE-2021-43584 + RESERVED +CVE-2021-43583 + RESERVED +CVE-2021-3956 + RESERVED +CVE-2021-3955 + RESERVED +CVE-2021-3954 + RESERVED +CVE-2021-3953 + RESERVED +CVE-2021-3952 + RESERVED +CVE-2021-3951 + RESERVED +CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...) + NOT-FOR-US: Open Design Alliance PRC SDK +CVE-2021-43580 + RESERVED +CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9 ...) + - htmldoc 1.9.13-1 (unimportant) + [bullseye] - htmldoc 1.9.11-4+deb11u1 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/453 + NOTE: Crash in CLI tool, no security impact +CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) + NOT-FOR-US: django-helpdesk +CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...) + NOT-FOR-US: Philips +CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...) + NOT-FOR-US: Philips +CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...) 
+ NOT-FOR-US: Philips +CVE-2021-3949 + RESERVED +CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...) + NOT-FOR-US: Migration Toolkit for Containers +CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...) + - qemu 1:6.2+dfsg-1 + [bullseye] - qemu <not-affected> (Vulnerable code introduced later) + [buster] - qemu <not-affected> (Vulnerable code introduced later) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0) + NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/ + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3) +CVE-2021-3946 + RESERVED +CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) + NOT-FOR-US: django-helpdesk +CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: bookstack +CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle <removed> +CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...) + NOT-FOR-US: KNX ETS6 +CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...) + - atmailopen <removed> +CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...) + NOT-FOR-US: Realtek +CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...) + NOT-FOR-US: Stark bank libraries +CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...) + NOT-FOR-US: Stark bank libraries +CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...) 
+ NOT-FOR-US: Stark bank libraries +CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...) + NOT-FOR-US: Stark bank libraries +CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...) + NOT-FOR-US: Stark bank libraries +CVE-2021-43567 + RESERVED +CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...) + - samba <unfixed> (bug #1004691) + [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979 +CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic] + RESERVED + - golang-go.crypto 1:0.0~git20211202.5770296-1 + [stretch] - golang-go.crypto <postponed> (Limited support in stretch) + NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 + NOTE: https://github.com/golang/go/issues/49932 +CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle <removed> +CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle <removed> +CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) 
+ - moodle <removed> +CVE-2021-3942 + RESERVED +CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...) + NOT-FOR-US: Apache Apisix +CVE-2021-3941 + RESERVED + - openexr <unfixed> + [stretch] - openexr <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed +CVE-2021-3940 + RESERVED +CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...) + NOT-FOR-US: FATEK WinProladder +CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...) + NOT-FOR-US: mySCADA myDESIGNER +CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...) + NOT-FOR-US: FATEK WinProladder +CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...) + NOT-FOR-US: OSIsoft +CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...) + NOT-FOR-US: Philips +CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...) + NOT-FOR-US: OSIsoft +CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...) + NOT-FOR-US: Philips +CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...) + NOT-FOR-US: OSIsoft +CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...) + NOT-FOR-US: Philips +CVE-2021-43547 + RESERVED +CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 +CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545 +CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 +CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543 +CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542 +CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541 +CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...) + - firefox 95.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540 +CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539 +CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538 +CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537 +CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536 +CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 93.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535 +CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534 +CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533 +CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532 +CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531 +CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530 +CVE-2021-43529 + RESERVED + {DSA-5034-1 DLA-2874-1} + - thunderbird 1:91.3.0-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501 +CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...) + {DSA-5034-1 DLA-2874-1} + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528 +CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...) 
+ {DSA-5016-1 DLA-2836-1} + - nss 2:3.73-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4 + NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH) + NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237 + NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html +CVE-2021-43526 + RESERVED +CVE-2021-43525 + RESERVED +CVE-2021-43524 + RESERVED +CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...) + - uclibc <unfixed> (unimportant) + - uclibc-ng <itp> (bug #811275) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1 + NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174 +CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...) + NOT-FOR-US: Insyde +CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...) + - accountsservice <not-affected> (Ubuntu specific patch) + NOTE: https://ubuntu.com/security/CVE-2021-3939 +CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-3937 + RESERVED +CVE-2021-3936 + RESERVED +CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...) 
+ {DLA-2922-1} + - pgbouncer 1.16.1-1 + [bullseye] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release) + [buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release) + NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1 + NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1 + NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1) +CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3933 + RESERVED + - openexr <unfixed> + [stretch] - openexr <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17 +CVE-2021-43521 + RESERVED +CVE-2021-43520 + RESERVED +CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...) + - lua5.4 5.4.4-1 (bug #1000228) + [bullseye] - lua5.4 <no-dsa> (Minor issue) + - lua5.3 <unfixed> + [bullseye] - lua5.3 <no-dsa> (Minor issue) + [buster] - lua5.3 <no-dsa> (Minor issue) + [stretch] - lua5.3 <no-dsa> (Minor issue) + - lua5.2 <unfixed> + [bullseye] - lua5.2 <no-dsa> (Minor issue) + [buster] - lua5.2 <no-dsa> (Minor issue) + [stretch] - lua5.2 <no-dsa> (Minor issue) + - lua5.1 <unfixed> + [bullseye] - lua5.1 <no-dsa> (Minor issue) + [buster] - lua5.1 <no-dsa> (Minor issue) + [stretch] - lua5.1 <no-dsa> (Minor issue) + - lua50 <not-affected> (Vulnerable code not present) + NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html + NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868 +CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...) 
+ - teeworlds <unfixed> + [bullseye] - teeworlds <no-dsa> (Minor issue) + [buster] - teeworlds <no-dsa> (Minor issue) + NOTE: https://github.com/teeworlds/teeworlds/issues/2981 + NOTE: https://github.com/teeworlds/teeworlds/pull/3018 + NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368 + NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/ +CVE-2021-43517 + RESERVED +CVE-2021-43516 + RESERVED +CVE-2021-43515 + RESERVED +CVE-2021-43514 + RESERVED +CVE-2021-43513 + RESERVED +CVE-2021-43512 + RESERVED +CVE-2021-43511 + RESERVED +CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43508 + RESERVED +CVE-2021-43507 + RESERVED +CVE-2021-43506 + RESERVED +CVE-2021-43505 + RESERVED +CVE-2021-43504 + RESERVED +CVE-2021-43503 + RESERVED +CVE-2021-43502 + RESERVED +CVE-2021-43501 + RESERVED +CVE-2021-43500 + RESERVED +CVE-2021-43499 + RESERVED +CVE-2021-43498 + RESERVED +CVE-2021-43497 + RESERVED +CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...) + NOT-FOR-US: Clustering +CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) + NOT-FOR-US: AlquistManager +CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...) + NOT-FOR-US: OpenCV-REST-API +CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...) + NOT-FOR-US: ServerManagement +CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) 
+ NOT-FOR-US: AlquistManager +CVE-2021-43491 + RESERVED +CVE-2021-43490 + RESERVED +CVE-2021-43489 + RESERVED +CVE-2021-43488 + RESERVED +CVE-2021-43487 + RESERVED +CVE-2021-43486 + RESERVED +CVE-2021-43485 + RESERVED +CVE-2021-43484 + RESERVED +CVE-2021-43483 + RESERVED +CVE-2021-43482 + RESERVED +CVE-2021-43481 + RESERVED +CVE-2021-43480 + RESERVED +CVE-2021-43479 + RESERVED +CVE-2021-43478 + RESERVED +CVE-2021-43477 + RESERVED +CVE-2021-43476 + RESERVED +CVE-2021-43475 + RESERVED +CVE-2021-43474 + RESERVED +CVE-2021-43473 + RESERVED +CVE-2021-43472 + RESERVED +CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...) + NOT-FOR-US: Canon +CVE-2021-43470 + RESERVED +CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...) + NOT-FOR-US: VINGA +CVE-2021-43468 + RESERVED +CVE-2021-43467 + RESERVED +CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...) + NOT-FOR-US: thymeleaf-spring5 +CVE-2021-43465 + RESERVED +CVE-2021-43464 + RESERVED +CVE-2021-43463 + RESERVED +CVE-2021-43462 + RESERVED +CVE-2021-43461 + RESERVED +CVE-2021-43460 + RESERVED +CVE-2021-43459 + RESERVED +CVE-2021-43458 + RESERVED +CVE-2021-43457 + RESERVED +CVE-2021-43456 + RESERVED +CVE-2021-43455 + RESERVED +CVE-2021-43454 + RESERVED +CVE-2021-43453 + RESERVED +CVE-2021-43452 + RESERVED +CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...) + NOT-FOR-US: PHPGURUKUL +CVE-2021-43450 + RESERVED +CVE-2021-43449 + RESERVED +CVE-2021-43448 + RESERVED +CVE-2021-43447 + RESERVED +CVE-2021-43446 + RESERVED +CVE-2021-43445 + RESERVED +CVE-2021-43444 + RESERVED +CVE-2021-43443 + RESERVED +CVE-2021-43442 + RESERVED +CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...) + NOT-FOR-US: iOrder +CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...) 
+ NOT-FOR-US: iOrder +CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...) + NOT-FOR-US: iResturant +CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...) + NOT-FOR-US: iResturant +CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...) + NOT-FOR-US: sourcecodetester Engineers Online Portal +CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...) + NOT-FOR-US: MartDevelopers Inc iResturant +CVE-2021-43435 + RESERVED +CVE-2021-43434 + RESERVED +CVE-2021-43433 + RESERVED +CVE-2021-43432 + RESERVED +CVE-2021-43431 + RESERVED +CVE-2021-43430 + RESERVED +CVE-2021-43429 + RESERVED +CVE-2021-43428 + RESERVED +CVE-2021-43427 + RESERVED +CVE-2021-43426 + RESERVED +CVE-2021-43425 + RESERVED +CVE-2021-43424 + RESERVED +CVE-2021-43423 + RESERVED +CVE-2021-43422 + RESERVED +CVE-2021-43421 + RESERVED +CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43419 + RESERVED +CVE-2021-43418 + RESERVED +CVE-2021-43417 + RESERVED +CVE-2021-43416 + RESERVED +CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...) + - nomad <undetermined> + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 + TODO: check +CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...) 
+ - hurd 1:0.9.git20210404-9 +CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...) + NOT-FOR-US: Apache Airavata +CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: twill +CVE-2021-43409 (The “WPO365 | LOGIN” WordPress plugin (up to and including ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43407 + RESERVED +CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...) + NOT-FOR-US: FusionPBX +CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...) + NOT-FOR-US: FusionPBX +CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...) + NOT-FOR-US: FusionPBX +CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...) + NOT-FOR-US: FusionPBX +CVE-2021-43402 + RESERVED +CVE-2021-43401 + RESERVED +CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: snipe-it +CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...) 
+ - qemu 1:6.2+dfsg-1 + [bullseye] - qemu <postponed> (Minor issue) + [buster] - qemu <postponed> (Minor issue) + [stretch] - qemu <postponed> (Fix along with a future DLA) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546 + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0) +CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free] + RESERVED + - qemu <unfixed> + [stretch] - qemu <postponed> (Fix along with a future DLA) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556 + NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html + NOTE: No upstream patch as of 2022-01-28 +CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...) + - bluez 5.62-1 (bug #998626) + [bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release) + [buster] - bluez <no-dsa> (Minor issue; can be fixed in point release) + [stretch] - bluez <ignored> (invasive patch, requires post-stretch revamps) + NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40) + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62) +CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...) + NOT-FOR-US: yubihsm-shell +CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...) + - libcrypto++ <unfixed> (unimportant; bug #1000227) + NOTE: https://github.com/weidai11/cryptopp/issues/1080 + NOTE: As per upstream believed to be the expected behaviour: + NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222 +CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...) 
+ NOT-FOR-US: LiquidFiles +CVE-2021-43395 + RESERVED +CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...) + NOT-FOR-US: Unisys +CVE-2021-43393 + RESERVED +CVE-2021-43392 + RESERVED +CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...) + - glibc 2.32-5 (unimportant; bug #998622) + [buster] - glibc <not-affected> (Vulnerable code not present) + [stretch] - glibc <not-affected> (Vulnerable code not present) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524 + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d + NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888 + NOTE: No security impact per upstream assessment +CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...) + {DLA-2843-1} + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1 + NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d +CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...) 
+ NOT-FOR-US: Unisys Cargo Mobile Application +CVE-2021-43387 + RESERVED +CVE-2021-43386 + RESERVED +CVE-2021-43385 + RESERVED +CVE-2021-43384 + RESERVED +CVE-2021-43383 + RESERVED +CVE-2021-43382 + RESERVED +CVE-2021-43381 + RESERVED +CVE-2021-43380 + RESERVED +CVE-2021-43379 + RESERVED +CVE-2021-43378 + RESERVED +CVE-2021-43377 + RESERVED +CVE-2021-43376 + RESERVED +CVE-2021-43375 + RESERVED +CVE-2021-43374 + RESERVED +CVE-2021-43373 + RESERVED +CVE-2021-43372 + RESERVED +CVE-2021-43371 + RESERVED +CVE-2021-43370 + RESERVED +CVE-2021-43369 + RESERVED +CVE-2021-43368 + RESERVED +CVE-2021-43367 + RESERVED +CVE-2021-43366 + RESERVED +CVE-2021-43365 + RESERVED +CVE-2021-43364 + RESERVED +CVE-2021-43363 + RESERVED +CVE-2021-43362 + RESERVED +CVE-2021-43361 + RESERVED +CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule’s serialization functi ...) + NOT-FOR-US: Sunnet eHRD +CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...) + NOT-FOR-US: Sunnet eHRD +CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) + NOT-FOR-US: Sunnet eHRD +CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...) + - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd + NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582) +CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...) 
+ - vim 2:8.2.3995-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 + NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581) +CVE-2021-43357 + RESERVED +CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...) + NOT-FOR-US: Apache Traffic Control +CVE-2021-43349 + RESERVED +CVE-2021-43348 + RESERVED +CVE-2021-43347 + RESERVED +CVE-2021-43346 + RESERVED +CVE-2021-43345 + RESERVED +CVE-2021-43344 + RESERVED +CVE-2021-43343 + RESERVED +CVE-2021-43342 + RESERVED +CVE-2021-43341 + RESERVED +CVE-2021-43340 + RESERVED +CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...) + NOT-FOR-US: Ericsson +CVE-2021-43338 + REJECTED +CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...) + - slurm-wlm <not-affected> (Affects only 21.08 series; vulnerable code introduced later) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html + NOTE: https://www.schedmd.com/news.php?id=256 +CVE-2021-42743 + RESERVED +CVE-2021-3926 + RESERVED +CVE-2021-3925 + RESERVED +CVE-2021-33845 + RESERVED +CVE-2021-31559 + RESERVED +CVE-2021-26253 + RESERVED +CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43335 + RESERVED +CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...) + NOT-FOR-US: BuddyBoss +CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...) + NOT-FOR-US: Datalogic +CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...) 
+ - mailman <removed> (bug #1000367) + [buster] - mailman <no-dsa> (Minor issue) + [stretch] - mailman <no-dsa> (Minor issue) + NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ + NOTE: https://bugs.launchpad.net/mailman/+bug/1949403 +CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...) + - mailman <removed> (bug #1000367) + [buster] - mailman <no-dsa> (Minor issue) + [stretch] - mailman <no-dsa> (Minor issue) + NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ + NOTE: https://bugs.launchpad.net/mailman/+bug/1949401 +CVE-2021-43330 + RESERVED +CVE-2021-43329 + RESERVED +CVE-2021-43328 + RESERVED +CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...) + NOT-FOR-US: Renesas +CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...) + NOT-FOR-US: Automox Agent +CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...) + NOT-FOR-US: Automox Agent +CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...) + NOT-FOR-US: LibreNMS +CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...) + NOT-FOR-US: Insyde +CVE-2021-43322 + RESERVED +CVE-2021-43321 + RESERVED +CVE-2021-43320 + REJECTED +CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-43318 + RESERVED +CVE-2021-43317 + RESERVED +CVE-2021-43316 + RESERVED +CVE-2021-43315 + RESERVED +CVE-2021-43314 + RESERVED +CVE-2021-43313 + RESERVED +CVE-2021-43312 + RESERVED +CVE-2021-43311 + RESERVED +CVE-2021-43310 + RESERVED +CVE-2021-43309 + RESERVED +CVE-2021-43308 + RESERVED +CVE-2021-43307 + RESERVED +CVE-2021-43306 + RESERVED +CVE-2021-43305 + RESERVED +CVE-2021-43304 + RESERVED +CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 +CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 +CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 +CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 +CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...) 
+ - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 +CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...) + NOT-FOR-US: GoAhead Web Server +CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...) + NOT-FOR-US: Grav CMS +CVE-2021-23222 + RESERVED + {DSA-5007-1 DSA-5006-1 DLA-2817-1} + - postgresql-14 14.1-1 + - postgresql-13 <unfixed> + - postgresql-11 <removed> + - postgresql-9.6 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ + NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24) +CVE-2021-23214 + RESERVED + {DSA-5007-1 DSA-5006-1 DLA-2817-1} + - postgresql-14 14.1-1 + - postgresql-13 <unfixed> + - postgresql-11 <removed> + - postgresql-9.6 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ + NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24) +CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...) 
+ NOT-FOR-US: Sonatype +CVE-2021-43292 + RESERVED +CVE-2021-43291 + RESERVED +CVE-2021-43290 + RESERVED +CVE-2021-43289 + RESERVED +CVE-2021-43288 + RESERVED +CVE-2021-43287 + RESERVED +CVE-2021-43286 + RESERVED +CVE-2021-43285 + RESERVED +CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...) + NOT-FOR-US: Victure WR1200 devices +CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...) + NOT-FOR-US: Victure WR1200 devices +CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...) + NOT-FOR-US: Victure WR1200 devices +CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...) + NOT-FOR-US: MyBB +CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...) + NOT-FOR-US: Open Design Alliance PRC SDK +CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...) + NOT-FOR-US: Open Design Alliance PRC SDK +CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...) + NOT-FOR-US: Open Design Alliance ODA Viewer +CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...) 
+ NOT-FOR-US: Open Design Alliance ODA Viewer +CVE-2021-43271 + RESERVED +CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...) + NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) +CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...) + NOT-FOR-US: Code42 app +CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...) + NOT-FOR-US: Wind River VxWorks +CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...) + - mahara <removed> +CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...) + - mahara <removed> +CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...) + - mahara <removed> +CVE-2021-43263 + RESERVED +CVE-2021-43262 + RESERVED +CVE-2021-43261 + RESERVED +CVE-2021-43260 + RESERVED +CVE-2021-43259 + RESERVED +CVE-2021-43258 + RESERVED +CVE-2021-43257 + RESERVED +CVE-2021-3923 + RESERVED +CVE-2021-3922 + RESERVED +CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...) + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15) +CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43254 + RESERVED +CVE-2021-43253 + RESERVED +CVE-2021-43252 + RESERVED +CVE-2021-43251 + RESERVED +CVE-2021-43250 + RESERVED +CVE-2021-43249 + RESERVED +CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-43241 + RESERVED +CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43228 (SymCrypt Denial of Service Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43218 + RESERVED +CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...) + NOT-FOR-US: Microsoft +CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-43213 + RESERVED +CVE-2021-43212 + RESERVED +CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-43210 + RESERVED +CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43206 + RESERVED +CVE-2021-43205 + RESERVED +CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...) + NOT-FOR-US: Grav CMS +CVE-2021-3919 + RESERVED +CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) + NOT-FOR-US: JetBrains Ktor +CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible. ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible. ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...) 
+ NOT-FOR-US: JetBrains TeamCity +CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible. ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43179 + RESERVED +CVE-2021-43178 + RESERVED +CVE-2021-43177 + RESERVED +CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) + NOT-FOR-US: GOautodial API +CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) 
+ NOT-FOR-US: GOautodial API +CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) + - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) + [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1 + [buster] - node-json-schema <no-dsa> (Minor issue) + NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) +CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) + {DSA-5041-1} + - routinator <itp> (bug #929024) + - cfrpki 1.4.0-1 + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/667 +CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...) + {DSA-5041-1 DSA-5033-1} + - routinator <itp> (bug #929024) + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + - rpki-client 7.5-1 + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/666 + NOTE: https://github.com/NLnetLabs/routinator/pull/612 +CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...) 
+ - routinator <itp> (bug #929024) + - fort-validator <unfixed> + [bullseye] - fort-validator <postponed> (Minor issue, revisit when fixed upstream) + - cfrpki <unfixed> + [bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream) + - rpki-client 7.5-1 + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/665 +CVE-2021-3917 + RESERVED + NOT-FOR-US: coreos-installer +CVE-2021-43171 + RESERVED +CVE-2021-43170 + RESERVED +CVE-2021-43169 + RESERVED +CVE-2021-43168 + RESERVED +CVE-2021-43167 + RESERVED +CVE-2021-43166 + RESERVED +CVE-2021-43165 + RESERVED +CVE-2021-43164 + RESERVED +CVE-2021-43163 + RESERVED +CVE-2021-43162 + RESERVED +CVE-2021-43161 + RESERVED +CVE-2021-43160 + RESERVED +CVE-2021-43159 + RESERVED +CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...) + NOT-FOR-US: ProjectWorlds Online Shopping System PHP +CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: ProjectWorlds Online Shopping System PHP +CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...) + NOT-FOR-US: ProjectWorlds Online Book Store PHP +CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...) + NOT-FOR-US: ProjectWorlds Online Book Store PHP +CVE-2021-43154 + RESERVED +CVE-2021-43153 + RESERVED +CVE-2021-43152 + RESERVED +CVE-2021-43151 + RESERVED +CVE-2021-43150 + RESERVED +CVE-2021-43149 + RESERVED +CVE-2021-43148 + RESERVED +CVE-2021-43147 + RESERVED +CVE-2021-43146 + RESERVED +CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...) + - zammad <itp> (bug #841355) +CVE-2021-43144 + RESERVED +CVE-2021-43143 + RESERVED +CVE-2021-43142 + RESERVED +CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43139 + RESERVED +CVE-2021-43138 + RESERVED +CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: hostel management system +CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attac ...) + NOT-FOR-US: FormaLMS +CVE-2021-43135 + RESERVED +CVE-2021-43134 + RESERVED +CVE-2021-43133 + RESERVED +CVE-2021-43132 + RESERVED +CVE-2021-43131 + RESERVED +CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43129 + RESERVED +CVE-2021-43128 + RESERVED +CVE-2021-43127 + RESERVED +CVE-2021-43126 + RESERVED +CVE-2021-43125 + RESERVED +CVE-2021-43124 + RESERVED +CVE-2021-43123 + RESERVED +CVE-2021-43122 + RESERVED +CVE-2021-43121 + RESERVED +CVE-2021-43120 + RESERVED +CVE-2021-43119 + RESERVED +CVE-2021-43118 + RESERVED +CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...) + NOT-FOR-US: fastadmin +CVE-2021-43116 + RESERVED +CVE-2021-43115 + RESERVED +CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...) + {DSA-5033-1} + - fort-validator 1.5.2-1 +CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...) + NOT-FOR-US: iText +CVE-2021-43112 + RESERVED +CVE-2021-43111 + RESERVED +CVE-2021-43110 + RESERVED +CVE-2021-43109 + RESERVED +CVE-2021-43108 + RESERVED +CVE-2021-43107 + RESERVED +CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...) 
+ NOT-FOR-US: Compass Plus TranzWare +CVE-2021-43105 + RESERVED +CVE-2021-43104 + RESERVED +CVE-2021-43103 + RESERVED +CVE-2021-43102 + RESERVED +CVE-2021-43101 + RESERVED +CVE-2021-43100 + RESERVED +CVE-2021-43099 + RESERVED +CVE-2021-43098 + RESERVED +CVE-2021-43097 + RESERVED +CVE-2021-43096 + RESERVED +CVE-2021-43095 + RESERVED +CVE-2021-43094 + RESERVED +CVE-2021-43093 + RESERVED +CVE-2021-43092 + RESERVED +CVE-2021-43091 + RESERVED +CVE-2021-43090 + RESERVED +CVE-2021-43089 + RESERVED +CVE-2021-43088 + RESERVED +CVE-2021-43087 + RESERVED +CVE-2021-43086 + RESERVED +CVE-2021-43085 + RESERVED +CVE-2021-43084 + RESERVED +CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) + NOT-FOR-US: bookstack +CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...) + NOT-FOR-US: Apache PLC4X +CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + - trafficserver 9.1.1+ds-1 + [bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x) + [buster] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8475 + NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master) + NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master: + NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0) +CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...) 
+ NOT-FOR-US: bookstack +CVE-2021-43081 + RESERVED +CVE-2021-43080 + RESERVED +CVE-2021-43079 + RESERVED +CVE-2021-43078 + RESERVED +CVE-2021-43077 + RESERVED +CVE-2021-43076 + RESERVED +CVE-2021-43075 + RESERVED +CVE-2021-43074 + RESERVED +CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: FortiGuard +CVE-2021-43072 + RESERVED +CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...) + NOT-FOR-US: FortiGuard +CVE-2021-43070 + RESERVED +CVE-2021-43069 + RESERVED +CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...) + NOT-FOR-US: FortiGuard +CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...) + NOT-FOR-US: FortiGuard +CVE-2021-43066 + RESERVED +CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...) + NOT-FOR-US: FortiGuard +CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-43061 + RESERVED +CVE-2021-43060 + RESERVED +CVE-2021-43059 + RESERVED +CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...) + NOT-FOR-US: Replicated +CVE-2021-3914 + RESERVED +CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...) 
+ - linux 5.14.9-1 + [bullseye] - linux <not-affected> (Vulnerable code introduced later) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 +CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...) + NOT-FOR-US: Spotfire Server component of TIBCO +CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...) + NOT-FOR-US: TIBCO +CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...) + NOT-FOR-US: TIBCO +CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...) 
+ - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6) +CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...) + NOT-FOR-US: Apache Avro +CVE-2021-3913 + RESERVED +CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...) 
+ {DSA-5041-1} + - routinator <itp> (bug #929024) + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg +CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...) + {DSA-5041-1} + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22 +CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...) + {DSA-5041-1} + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j +CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...) + {DSA-5041-1 DSA-5033-1} + - routinator <itp> (bug #929024) + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + - rpki-client 7.5-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244 +CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...) + {DSA-5041-1} + - cfrpki 1.4.0-1 + - routinator <itp> (bug #929024) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq +CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...) + {DSA-5041-1 DSA-5033-1} + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh +CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...) + NOT-FOR-US: bookstack +CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...) + NOT-FOR-US: XenForo +CVE-2021-43031 + RESERVED +CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) + NOT-FOR-US: Adobe +CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) 
+ NOT-FOR-US: Adobe +CVE-2021-43027 + RESERVED +CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43020 + RESERVED +CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...) + NOT-FOR-US: Adobe +CVE-2021-43018 + RESERVED +CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...) + NOT-FOR-US: Adobe +CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-43014 + RESERVED +CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...) + NOT-FOR-US: Adobe +CVE-2021-43012 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-43011 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...) 
+ NOT-FOR-US: Adobe +CVE-2021-3905 [External triggered memory leak in Open vSwitch while processing fragmented packets] + RESERVED + - openvswitch <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/openvswitch/ovs-issues/issues/226 + NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1 (v2.16.0) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 +CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...) + NOT-FOR-US: Grav CMS +CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3565-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 + NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 + NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149) +CVE-2021-43010 + RESERVED +CVE-2021-43009 + RESERVED +CVE-2021-43008 + RESERVED +CVE-2021-43007 + RESERVED +CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...) + NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools +CVE-2021-43005 + RESERVED +CVE-2021-43004 + RESERVED +CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...) + NOT-FOR-US: Amzetta +CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...) + NOT-FOR-US: Amzetta +CVE-2021-43001 + RESERVED +CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...) + NOT-FOR-US: Amzetta +CVE-2021-42999 + RESERVED +CVE-2021-42998 + RESERVED +CVE-2021-42997 + RESERVED +CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...) 
+ NOT-FOR-US: Donglify +CVE-2021-42995 + RESERVED +CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...) + NOT-FOR-US: Donglify +CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...) + NOT-FOR-US: FlexiHub For Windows +CVE-2021-42992 + RESERVED +CVE-2021-42991 + RESERVED +CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...) + NOT-FOR-US: FlexiHub For Windows +CVE-2021-42989 + RESERVED +CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...) + NOT-FOR-US: Eltima USB Network Gate +CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...) + NOT-FOR-US: Eltima USB Network Gate +CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...) + NOT-FOR-US: NoMachine +CVE-2021-42985 + RESERVED +CVE-2021-42984 + RESERVED +CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...) + NOT-FOR-US: NoMachine +CVE-2021-42982 + RESERVED +CVE-2021-42981 + RESERVED +CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...) + NOT-FOR-US: NoMachine +CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...) + NOT-FOR-US: NoMachine +CVE-2021-42978 + RESERVED +CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...) + NOT-FOR-US: NoMachine +CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...) + NOT-FOR-US: NoMachine +CVE-2021-42975 + RESERVED +CVE-2021-42974 + RESERVED +CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...) + NOT-FOR-US: NoMachine +CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...) 
+ NOT-FOR-US: NoMachine +CVE-2021-42971 + RESERVED +CVE-2021-42970 + RESERVED +CVE-2021-42969 + RESERVED +CVE-2021-42968 + RESERVED +CVE-2021-42967 + RESERVED +CVE-2021-42966 + RESERVED +CVE-2021-42965 + RESERVED +CVE-2021-42964 + RESERVED +CVE-2021-42963 + RESERVED +CVE-2021-42962 + RESERVED +CVE-2021-42961 + RESERVED +CVE-2021-42960 + RESERVED +CVE-2021-42959 + RESERVED +CVE-2021-42958 + RESERVED +CVE-2021-42957 + RESERVED +CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...) + NOT-FOR-US: Zoho +CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...) + NOT-FOR-US: Zoho +CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...) + NOT-FOR-US: Zoho +CVE-2021-42953 + RESERVED +CVE-2021-42952 + RESERVED +CVE-2021-42951 + RESERVED +CVE-2021-42950 + RESERVED +CVE-2021-42949 + RESERVED +CVE-2021-42948 + RESERVED +CVE-2021-42947 + RESERVED +CVE-2021-42946 + RESERVED +CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...) + NOT-FOR-US: ZZCMS +CVE-2021-42944 + RESERVED +CVE-2021-42943 + RESERVED +CVE-2021-42942 + RESERVED +CVE-2021-42941 + RESERVED +CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...) 
+ NOT-FOR-US: Projeqtor +CVE-2021-42939 + RESERVED +CVE-2021-42938 + RESERVED +CVE-2021-42937 + RESERVED +CVE-2021-42936 + RESERVED +CVE-2021-42935 + RESERVED +CVE-2021-42934 + RESERVED +CVE-2021-42933 + RESERVED +CVE-2021-42932 + RESERVED +CVE-2021-42931 + RESERVED +CVE-2021-42930 + RESERVED +CVE-2021-42929 + RESERVED +CVE-2021-42928 + RESERVED +CVE-2021-42927 + RESERVED +CVE-2021-42926 + RESERVED +CVE-2021-42925 + RESERVED +CVE-2021-42924 + RESERVED +CVE-2021-42923 + RESERVED +CVE-2021-42922 + RESERVED +CVE-2021-42921 + RESERVED +CVE-2021-42920 + RESERVED +CVE-2021-42919 + RESERVED +CVE-2021-42918 + RESERVED +CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...) + - kodi 2:19.3+dfsg1-1 (bug #998419) + [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1 + [buster] - kodi <no-dsa> (Minor issue) + [stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored) + - xbmc <removed> + NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237 + NOTE: https://github.com/xbmc/xbmc/issues/20305 + NOTE: https://github.com/xbmc/xbmc/pull/20306 +CVE-2021-42916 + RESERVED +CVE-2021-42915 + RESERVED +CVE-2021-42914 + RESERVED +CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...) + NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers +CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...) 
+ NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617 +CVE-2021-42911 + RESERVED +CVE-2021-42910 + RESERVED +CVE-2021-42909 + RESERVED +CVE-2021-42908 + RESERVED +CVE-2021-42907 + RESERVED +CVE-2021-42906 + RESERVED +CVE-2021-42905 + RESERVED +CVE-2021-42904 + RESERVED +CVE-2021-42903 + RESERVED +CVE-2021-42902 + RESERVED +CVE-2021-42901 + RESERVED +CVE-2021-42900 + RESERVED +CVE-2021-42899 + RESERVED +CVE-2021-42898 + RESERVED +CVE-2021-42897 + RESERVED +CVE-2021-42896 + RESERVED +CVE-2021-42895 + RESERVED +CVE-2021-42894 + RESERVED +CVE-2021-42893 + RESERVED +CVE-2021-42892 + RESERVED +CVE-2021-42891 + RESERVED +CVE-2021-42890 + RESERVED +CVE-2021-42889 + RESERVED +CVE-2021-42888 + RESERVED +CVE-2021-42887 + RESERVED +CVE-2021-42886 + RESERVED +CVE-2021-42885 + RESERVED +CVE-2021-42884 + RESERVED +CVE-2021-42883 + RESERVED +CVE-2021-42882 + RESERVED +CVE-2021-42881 + RESERVED +CVE-2021-42880 + RESERVED +CVE-2021-42879 + RESERVED +CVE-2021-42878 + RESERVED +CVE-2021-42877 + RESERVED +CVE-2021-42876 + RESERVED +CVE-2021-42875 + RESERVED +CVE-2021-42874 + RESERVED +CVE-2021-42873 + RESERVED +CVE-2021-42872 + RESERVED +CVE-2021-42871 + RESERVED +CVE-2021-42870 + RESERVED +CVE-2021-42869 + RESERVED +CVE-2021-42868 + RESERVED +CVE-2021-42867 + RESERVED +CVE-2021-42866 + RESERVED +CVE-2021-42865 + RESERVED +CVE-2021-42864 + RESERVED +CVE-2021-42863 + RESERVED +CVE-2021-42862 + RESERVED +CVE-2021-42861 + RESERVED +CVE-2021-42860 + RESERVED +CVE-2021-42859 + RESERVED +CVE-2021-42858 + RESERVED +CVE-2021-42857 + RESERVED +CVE-2021-42856 + RESERVED +CVE-2021-42855 + RESERVED +CVE-2021-42854 + RESERVED +CVE-2021-42853 + RESERVED +CVE-2021-3902 + RESERVED +CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) 
+ NOT-FOR-US: firefly-iii +CVE-2021-42852 + RESERVED +CVE-2021-42851 + RESERVED +CVE-2021-42850 + RESERVED +CVE-2021-42849 + RESERVED +CVE-2021-42848 + RESERVED +CVE-2021-3899 + RESERVED +CVE-2021-3898 + RESERVED +CVE-2021-3897 + RESERVED +CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-42846 + RESERVED +CVE-2021-42845 + RESERVED +CVE-2021-42844 + RESERVED +CVE-2021-42843 + RESERVED +CVE-2021-42842 + RESERVED +CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...) + NOT-FOR-US: Insta HMS +CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...) + NOT-FOR-US: SuiteCRM +CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...) + NOT-FOR-US: Grand Vice info Co. webopac7 file upload function +CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...) + NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter +CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...) + NOT-FOR-US: Talend Data Catalog +CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...) + - golang-github-tidwall-gjson <unfixed> (bug #1000225) + NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944 + NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96 + NOTE: https://github.com/tidwall/gjson/issues/236 + NOTE: https://github.com/tidwall/gjson/issues/237 +CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...) + NOT-FOR-US: Plex Media Server +CVE-2021-42834 + RESERVED +CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...) 
+ NOT-FOR-US: AquaView +CVE-2021-42832 + RESERVED +CVE-2021-42831 + RESERVED +CVE-2021-42830 + RESERVED +CVE-2021-42829 + RESERVED +CVE-2021-42828 + RESERVED +CVE-2021-42827 + RESERVED +CVE-2021-42826 + RESERVED +CVE-2021-42825 + RESERVED +CVE-2021-42824 + RESERVED +CVE-2021-42823 + RESERVED +CVE-2021-42822 + RESERVED +CVE-2021-42821 + RESERVED +CVE-2021-42820 + RESERVED +CVE-2021-42819 + RESERVED +CVE-2021-42818 + RESERVED +CVE-2021-42817 + RESERVED +CVE-2021-42816 + RESERVED +CVE-2021-42815 + RESERVED +CVE-2021-42814 + RESERVED +CVE-2021-42813 + RESERVED +CVE-2021-3896 + REJECTED +CVE-2021-42812 + RESERVED +CVE-2021-42811 + RESERVED +CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...) + NOT-FOR-US: Thales SafeNet Agent +CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...) + NOT-FOR-US: ThalesThales Sentinel Protection Installer +CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...) + NOT-FOR-US: Thales Sentinel Protection Installer +CVE-2021-42807 + RESERVED +CVE-2021-42806 + RESERVED +CVE-2021-42805 + RESERVED +CVE-2021-42804 + RESERVED +CVE-2021-42803 + RESERVED +CVE-2021-42802 + RESERVED +CVE-2021-42801 + RESERVED +CVE-2021-42800 + RESERVED +CVE-2021-42799 + RESERVED +CVE-2021-42798 + RESERVED +CVE-2021-42797 + RESERVED +CVE-2021-42796 + RESERVED +CVE-2021-42795 + RESERVED +CVE-2021-42794 + RESERVED +CVE-2021-42793 + RESERVED +CVE-2021-42792 + RESERVED +CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...) + NOT-FOR-US: VeridiumID +CVE-2021-42790 + RESERVED +CVE-2021-42789 + RESERVED +CVE-2021-42788 + RESERVED +CVE-2021-42787 + RESERVED +CVE-2021-42786 + RESERVED +CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...) + NOT-FOR-US: TightVNC Viewer +CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...) 
+ NOT-FOR-US: D-Link +CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...) + NOT-FOR-US: D-Link +CVE-2021-42782 + RESERVED +CVE-2021-42781 + RESERVED +CVE-2021-42780 + RESERVED +CVE-2021-42779 + RESERVED +CVE-2021-42778 + RESERVED +CVE-2021-42777 + RESERVED +CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...) + NOT-FOR-US: CloverDX Server +CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) + NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager +CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) + NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager +CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) + NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager +CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...) + NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager +CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...) + {DSA-5018-1 DLA-2790-1} + - python-babel 2.8.0+dfsg.1-7 (bug #987824) + NOTE: https://www.tenable.com/security/research/tra-2021-14 + NOTE: https://github.com/python-babel/babel/pull/782 +CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...) + NOT-FOR-US: OPNsense +CVE-2021-42769 + RESERVED +CVE-2021-42768 + RESERVED +CVE-2021-42767 + RESERVED +CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) + NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol +CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) + NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol +CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) 
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol +CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...) + NOT-FOR-US: Couchbase Server +CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479 + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q +CVE-2021-42761 + RESERVED +CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...) + NOT-FOR-US: FortiGuard +CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...) + NOT-FOR-US: FortiGuard +CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...) + NOT-FOR-US: FortiGuard +CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...) + NOT-FOR-US: FortiGuard +CVE-2021-42756 + RESERVED +CVE-2021-42755 + RESERVED +CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...) + NOT-FOR-US: Fortiguard +CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...) + NOT-FOR-US: FortiGuard +CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-42751 + RESERVED +CVE-2021-42750 + RESERVED +CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...) + NOT-FOR-US: Beaver +CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...) 
+ NOT-FOR-US: Beaver +CVE-2021-42747 + RESERVED +CVE-2021-42745 + RESERVED +CVE-2021-3895 + RESERVED +CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state] + RESERVED + {DSA-5003-1} + - samba 2:4.13.14+dfsg-1 + [buster] - samba <not-affected> (Vulnerable code introduced later) + [stretch] - samba <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875 + NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html +CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations] + - rust-chrono <unfixed> (bug #996913) + [bullseye] - rust-chrono <no-dsa> (Minor issue) + [buster] - rust-chrono <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html + NOTE: https://github.com/chronotope/chrono/issues/499 +CVE-2021-42742 + RESERVED +CVE-2021-42741 + RESERVED +CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...) + - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418) + NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3) +CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...) + {DLA-2843-1} + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://seclists.org/oss-sec/2021/q2/46 + NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/ +CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-42736 + RESERVED +CVE-2021-42735 + RESERVED +CVE-2021-42734 + RESERVED +CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...) + NOT-FOR-US: Adobe +CVE-2021-42732 + RESERVED +CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...) 
+ NOT-FOR-US: Adobe +CVE-2021-42730 + RESERVED +CVE-2021-42729 + RESERVED +CVE-2021-42728 + RESERVED +CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...) + NOT-FOR-US: Adobe +CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2021-42724 + RESERVED +CVE-2021-42723 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-42722 + RESERVED +CVE-2021-42721 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-42720 + RESERVED +CVE-2021-42719 + RESERVED +CVE-2021-42718 + RESERVED +CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()] + RESERVED + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970 +CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...) + {DSA-5023-1} + - modsecurity 3.0.6-1 + [bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian) + [buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian) + - modsecurity-apache 2.9.5-1 + [stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream) + NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647 + NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/ + NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5) + NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6) +CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...) 
+ - libstb <unfixed> + [bullseye] - libstb <no-dsa> (Minor issue) + [buster] - libstb <no-dsa> (Minor issue) + NOTE: https://github.com/nothings/stb/issues/1166 + NOTE: https://github.com/nothings/stb/issues/1225 + NOTE: https://github.com/nothings/stb/pull/1223 +CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...) + - libstb <unfixed> + [bullseye] - libstb <no-dsa> (Minor issue) + [buster] - libstb <no-dsa> (Minor issue) + NOTE: https://github.com/nothings/stb/issues/1224 + NOTE: https://github.com/nothings/stb/pull/1223 +CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...) + NOT-FOR-US: Splashtop Remote Client +CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...) + NOT-FOR-US: Splashtop Remote Client +CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...) + NOT-FOR-US: Splashtop Streamer +CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...) + NOT-FOR-US: Barracuda Network Access Client +CVE-2021-42710 + RESERVED +CVE-2021-42709 + RESERVED +CVE-2021-42708 + RESERVED +CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...) + NOT-FOR-US: PLC Editor +CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...) + NOT-FOR-US: Advantech +CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...) + NOT-FOR-US: PLC Editor +CVE-2021-42704 + RESERVED +CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...) + NOT-FOR-US: Advantech +CVE-2021-42702 + RESERVED +CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...) + NOT-FOR-US: AzeoTech +CVE-2021-42700 + RESERVED +CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...) 
+ NOT-FOR-US: AzeoTech +CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...) + NOT-FOR-US: AzeoTech +CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...) + NOT-FOR-US: Akka HTTP +CVE-2021-42696 + RESERVED +CVE-2021-42695 + RESERVED +CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...) + NOT-FOR-US: Unicode spec +CVE-2021-42693 + RESERVED +CVE-2021-42692 + RESERVED +CVE-2021-42691 + RESERVED +CVE-2021-42690 + RESERVED +CVE-2021-42689 + RESERVED +CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...) + NOT-FOR-US: Accops HyWorks Windows Client +CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + NOT-FOR-US: Accops HyWorks Windows Client +CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...) + NOT-FOR-US: Accops HyWorks Windows Client +CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + NOT-FOR-US: Accops HyWorks DVM Tools +CVE-2021-42684 + RESERVED +CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...) + NOT-FOR-US: Accops HyWorks Windows Client +CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...) + NOT-FOR-US: Accops HyWorks DVM Tools +CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...) + NOT-FOR-US: Accops HyWorks DVM Tools +CVE-2021-42680 + RESERVED +CVE-2021-42679 + RESERVED +CVE-2021-42678 + RESERVED +CVE-2021-42677 + RESERVED +CVE-2021-42676 + RESERVED +CVE-2021-42675 + RESERVED +CVE-2021-42674 + RESERVED +CVE-2021-42673 + RESERVED +CVE-2021-42672 + RESERVED +CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42661 + RESERVED +CVE-2021-42660 + RESERVED +CVE-2021-42659 + RESERVED +CVE-2021-42658 + RESERVED +CVE-2021-42657 + RESERVED +CVE-2021-42656 + RESERVED +CVE-2021-42655 + RESERVED +CVE-2021-42654 + RESERVED +CVE-2021-42653 + RESERVED +CVE-2021-42652 + RESERVED +CVE-2021-42651 + RESERVED +CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...) + NOT-FOR-US: Portainer +CVE-2021-42649 + RESERVED +CVE-2021-42648 + RESERVED +CVE-2021-42647 + RESERVED +CVE-2021-42646 + RESERVED +CVE-2021-42645 + RESERVED +CVE-2021-42644 + RESERVED +CVE-2021-42643 + RESERVED +CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) 
+ NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42636 + RESERVED +CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42634 + RESERVED +CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42632 + RESERVED +CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...) + NOT-FOR-US: PrinterLogic Web Stack +CVE-2021-42630 + RESERVED +CVE-2021-42629 + RESERVED +CVE-2021-42628 + RESERVED +CVE-2021-42627 + RESERVED +CVE-2021-42626 + RESERVED +CVE-2021-42625 + RESERVED +CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...) 
+ NOT-FOR-US: Miniftpd +CVE-2021-42623 + RESERVED +CVE-2021-42622 + RESERVED +CVE-2021-42621 + RESERVED +CVE-2021-42620 + RESERVED +CVE-2021-42619 + RESERVED +CVE-2021-42618 + RESERVED +CVE-2021-42617 + RESERVED +CVE-2021-42616 + RESERVED +CVE-2021-42615 + RESERVED +CVE-2021-42614 + RESERVED +CVE-2021-42613 + RESERVED +CVE-2021-42612 + RESERVED +CVE-2021-42611 + RESERVED +CVE-2021-42610 + RESERVED +CVE-2021-42609 + RESERVED +CVE-2021-42608 + RESERVED +CVE-2021-42607 + RESERVED +CVE-2021-42606 + RESERVED +CVE-2021-42605 + RESERVED +CVE-2021-42604 + RESERVED +CVE-2021-42603 + RESERVED +CVE-2021-42602 + RESERVED +CVE-2021-42601 + RESERVED +CVE-2021-42600 + RESERVED +CVE-2021-42599 + RESERVED +CVE-2021-42598 + RESERVED +CVE-2021-42597 + RESERVED +CVE-2021-42596 + RESERVED +CVE-2021-42595 + RESERVED +CVE-2021-42594 + RESERVED +CVE-2021-42593 + RESERVED +CVE-2021-42592 + RESERVED +CVE-2021-42591 + RESERVED +CVE-2021-42590 + RESERVED +CVE-2021-42589 + RESERVED +CVE-2021-42588 + RESERVED +CVE-2021-42587 + RESERVED +CVE-2021-42586 + RESERVED +CVE-2021-42585 + RESERVED +CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...) + NOT-FOR-US: Convos-Chat +CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...) + NOT-FOR-US: Max Mazurov Maddy +CVE-2021-42582 + RESERVED +CVE-2021-42581 + RESERVED +CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42579 + RESERVED +CVE-2021-42578 + RESERVED +CVE-2021-42577 + RESERVED +CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...) + - golang-github-microcosm-cc-bluemonday 1.0.16-1 + [bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue) + NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/ +CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...) 
+ NOT-FOR-US: OWASP HTML Sanitizer +CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...) + - rustc <unfixed> + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1 + NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1) +CVE-2021-42573 + RESERVED +CVE-2021-42572 + RESERVED +CVE-2021-42571 + RESERVED +CVE-2021-42570 + RESERVED +CVE-2021-42569 + RESERVED +CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...) + NOT-FOR-US: Sonatype +CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...) + NOT-FOR-US: Apereo CAS +CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...) + NOT-FOR-US: myfactory.FMS +CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...) + NOT-FOR-US: myfactory.FMS +CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...) + NOT-FOR-US: Cryptshare Server +CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...) + NOT-FOR-US: NI Service Locator +CVE-2021-3893 + RESERVED +CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...) + NOT-FOR-US: CALDERA +CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...) + NOT-FOR-US: CALDERA +CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...) + NOT-FOR-US: CALDERA +CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...) + NOT-FOR-US: CALDERA +CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...) + NOT-FOR-US: CALDERA +CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...) 
+ NOT-FOR-US: Jeedom +CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...) + NOT-FOR-US: Rasa X +CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...) + NOT-FOR-US: Pexip Infinity +CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...) + NOT-FOR-US: Insyde +CVE-2021-3892 + REJECTED +CVE-2021-26247 (As an unauthenticated remote user, visit "http://<CACTI_SERVER>/ ...) + - cacti 0.8.7i-1 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h) + NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816 + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1) +CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) + - cacti 1.2.1+ds1-1 + [stretch] - cacti <postponed> (Minor issue; stored XSS requires prior admin access) + NOTE: https://github.com/Cacti/cacti/issues/1882 +CVE-2021-42553 + RESERVED +CVE-2021-42552 + RESERVED +CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...) + NOT-FOR-US: AlCoda NetBiblio WebOPAC +CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...) 
+ NOT-FOR-US: Business-DNA Solutions +CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42543 (The affected application uses specific functions that could be abused ...) + NOT-FOR-US: AzeoTech +CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...) + NOT-FOR-US: Emerson +CVE-2021-42541 + RESERVED +CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...) + NOT-FOR-US: Emerson +CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...) + NOT-FOR-US: Emerson +CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...) + NOT-FOR-US: Emerson +CVE-2021-42537 + RESERVED +CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...) + NOT-FOR-US: Emerson +CVE-2021-42535 + RESERVED +CVE-2021-42534 (The affected product’s web application does not properly neutral ...) + NOT-FOR-US: Trane +CVE-2021-42533 + RESERVED +CVE-2021-42532 + RESERVED +CVE-2021-42531 + RESERVED +CVE-2021-42530 + RESERVED +CVE-2021-42529 + RESERVED +CVE-2021-42528 + RESERVED +CVE-2021-42527 + RESERVED +CVE-2021-42526 + RESERVED +CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2021-3891 + RESERVED +CVE-2021-3890 + RESERVED +CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) + - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8) +CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...) 
+ - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8) +CVE-2021-3887 + RESERVED +CVE-2021-42523 + RESERVED +CVE-2021-42522 + RESERVED +CVE-2021-42521 + RESERVED +CVE-2021-42520 + RESERVED +CVE-2021-42519 + RESERVED +CVE-2021-42518 + RESERVED +CVE-2021-42517 + RESERVED +CVE-2021-42516 + RESERVED +CVE-2021-42515 + RESERVED +CVE-2021-42514 + RESERVED +CVE-2021-42513 + RESERVED +CVE-2021-42512 + RESERVED +CVE-2021-42511 + RESERVED +CVE-2021-42510 + RESERVED +CVE-2021-42509 + RESERVED +CVE-2021-42508 + RESERVED +CVE-2021-42507 + RESERVED +CVE-2021-42506 + RESERVED +CVE-2021-42505 + RESERVED +CVE-2021-42504 + RESERVED +CVE-2021-42503 + RESERVED +CVE-2021-42502 + RESERVED +CVE-2021-42501 + RESERVED +CVE-2021-42500 + RESERVED +CVE-2021-42499 + RESERVED +CVE-2021-42498 + RESERVED +CVE-2021-42497 + RESERVED +CVE-2021-42496 + RESERVED +CVE-2021-42495 + RESERVED +CVE-2021-42494 + RESERVED +CVE-2021-42493 + RESERVED +CVE-2021-42492 + RESERVED +CVE-2021-42491 + RESERVED +CVE-2021-42490 + RESERVED +CVE-2021-42489 + RESERVED +CVE-2021-42488 + RESERVED +CVE-2021-42487 + RESERVED +CVE-2021-42486 + RESERVED +CVE-2021-42485 + RESERVED +CVE-2021-42484 + RESERVED +CVE-2021-42483 + RESERVED +CVE-2021-42482 + RESERVED +CVE-2021-42481 + RESERVED +CVE-2021-42480 + RESERVED +CVE-2021-42479 + RESERVED +CVE-2021-42478 + RESERVED +CVE-2021-42477 + RESERVED +CVE-2021-42476 + RESERVED +CVE-2021-42475 + RESERVED +CVE-2021-42474 + RESERVED +CVE-2021-42473 + RESERVED +CVE-2021-42472 + RESERVED +CVE-2021-42471 + RESERVED +CVE-2021-42470 + RESERVED +CVE-2021-42469 + RESERVED +CVE-2021-42468 + RESERVED +CVE-2021-42467 + RESERVED +CVE-2021-42466 + RESERVED +CVE-2021-42465 + RESERVED +CVE-2021-42464 + RESERVED +CVE-2021-42463 + RESERVED +CVE-2021-42462 + RESERVED +CVE-2021-42461 + RESERVED +CVE-2021-42460 + RESERVED 
+CVE-2021-42459 + RESERVED +CVE-2021-42458 + RESERVED +CVE-2021-42457 + RESERVED +CVE-2021-42456 + RESERVED +CVE-2021-42455 + RESERVED +CVE-2021-42454 + RESERVED +CVE-2021-42453 + RESERVED +CVE-2021-42452 + RESERVED +CVE-2021-42451 + RESERVED +CVE-2021-42450 + RESERVED +CVE-2021-42449 + RESERVED +CVE-2021-42448 + RESERVED +CVE-2021-42447 + RESERVED +CVE-2021-42446 + RESERVED +CVE-2021-42445 + RESERVED +CVE-2021-42444 + RESERVED +CVE-2021-42443 + RESERVED +CVE-2021-42442 + RESERVED +CVE-2021-42441 + RESERVED +CVE-2021-42440 + RESERVED +CVE-2021-42439 + RESERVED +CVE-2021-42438 + RESERVED +CVE-2021-42437 + RESERVED +CVE-2021-42436 + RESERVED +CVE-2021-42435 + RESERVED +CVE-2021-42434 + RESERVED +CVE-2021-42433 + RESERVED +CVE-2021-42432 + RESERVED +CVE-2021-42431 + RESERVED +CVE-2021-42430 + RESERVED +CVE-2021-42429 + RESERVED +CVE-2021-42428 + RESERVED +CVE-2021-42427 + RESERVED +CVE-2021-42426 + RESERVED +CVE-2021-42425 + RESERVED +CVE-2021-42424 + RESERVED +CVE-2021-42423 + RESERVED +CVE-2021-42422 + RESERVED +CVE-2021-42421 + RESERVED +CVE-2021-42420 + RESERVED +CVE-2021-42419 + RESERVED +CVE-2021-42418 + RESERVED +CVE-2021-42417 + RESERVED +CVE-2021-42416 + RESERVED +CVE-2021-42415 + RESERVED +CVE-2021-42414 + RESERVED +CVE-2021-42413 + RESERVED +CVE-2021-42412 + RESERVED +CVE-2021-42411 + RESERVED +CVE-2021-42410 + RESERVED +CVE-2021-42409 + RESERVED +CVE-2021-42408 + RESERVED +CVE-2021-42407 + RESERVED +CVE-2021-42406 + RESERVED +CVE-2021-42405 + RESERVED +CVE-2021-42404 + RESERVED +CVE-2021-42403 + RESERVED +CVE-2021-42402 + RESERVED +CVE-2021-42401 + RESERVED +CVE-2021-42400 + RESERVED +CVE-2021-42399 + RESERVED +CVE-2021-42398 + RESERVED +CVE-2021-42397 + RESERVED +CVE-2021-42396 + RESERVED +CVE-2021-42395 + RESERVED +CVE-2021-42394 + RESERVED +CVE-2021-42393 + RESERVED +CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...) 
+ {DSA-5076-1 DLA-2923-1} + - h2database 2.1.210-1 (bug #1003894) + NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 + NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ + NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7 + NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd +CVE-2021-42391 + RESERVED +CVE-2021-42390 + RESERVED +CVE-2021-42389 + RESERVED +CVE-2021-42388 + RESERVED +CVE-2021-42387 + RESERVED +CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...) 
+ - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...) 
+ - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...) + - busybox <unfixed> (bug #999567) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + [stretch] - busybox <not-affected> (CONFIG_HUSH is not set) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...) + - busybox <unfixed> (unimportant; bug #999567) + [stretch] - busybox <not-affected> (CONFIG_HUSH is not set) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...) + - busybox <unfixed> (unimportant; bug #999567) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...) 
+ - busybox <unfixed> (unimportant; bug #999567) + [stretch] - busybox <not-affected> (Vulnerable code introduced later) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool with information leak + NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0) + NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78 +CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...) + - busybox <unfixed> (unimportant; bug #999567) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...) + NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD +CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD ...) + NOT-FOR-US: XoruX LPAR2RRD +CVE-2021-42370 (A password mismanagement situation exists in XoruX LPAR2RRD and STOR2R ...) + NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD +CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) + NOT-FOR-US: Imagicle Application Suite +CVE-2021-42368 + RESERVED +CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42366 + RESERVED +CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...) + NOT-FOR-US: Elementor plugin for WordPress +CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...) + NOT-FOR-US: WP DSGVO Tools (GDPR) +CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...) + NOT-FOR-US: Apache Knox +CVE-2021-42356 + RESERVED +CVE-2021-42355 + RESERVED +CVE-2021-42354 + RESERVED +CVE-2021-42353 + RESERVED +CVE-2021-42352 + RESERVED +CVE-2021-42351 + RESERVED +CVE-2021-42350 + RESERVED +CVE-2021-42349 + RESERVED +CVE-2021-42348 + RESERVED +CVE-2021-42347 + RESERVED +CVE-2021-42346 + RESERVED +CVE-2021-42345 + RESERVED +CVE-2021-42344 + RESERVED +CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...) + - dask.distributed 2021.09.1+ds.1-2 + [bullseye] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release) + [buster] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release) + NOTE: https://github.com/dask/distributed/pull/5427 + NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr +CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...) + NOT-FOR-US: Embedthis GoAhead +CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...) 
+ - openrc <not-affected> (Introduced in 0.44) + NOTE: https://github.com/OpenRC/openrc/issues/459 + NOTE: https://github.com/OpenRC/openrc/pull/462 + NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204 +CVE-2021-3886 + RESERVED +CVE-2021-3885 + RESERVED +CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) + {DSA-5009-1} + - tomcat9 9.0.54-1 + [buster] - tomcat9 <not-affected> (Vulnerable code introduced later) + - tomcat8 <removed> + [stretch] - tomcat8 <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1 + NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54) + NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72) + NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak. +CVE-2021-3884 + RESERVED +CVE-2021-3883 + RESERVED +CVE-2021-42339 + RESERVED +CVE-2021-42338 (4MOSAn GCB Doctor’s login page has improper validation of Cookie ...) + NOT-FOR-US: 4MOSAn GCB Doctor +CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...) + NOT-FOR-US: AIFU cashier management salary +CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...) + NOT-FOR-US: Easytest +CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...) + NOT-FOR-US: Easytest +CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...) + NOT-FOR-US: Easytest +CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...) + NOT-FOR-US: Easytest +CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System do ...) 
+ NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42328 + RESERVED +CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...) + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux <not-affected> (Vulnerability introduced later) + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html +CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...) + {DLA-2787-1} + - redmine <unfixed> (bug #998417) + NOTE: https://www.redmine.org/news/133 + NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10 + NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209 +CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...) + NOT-FOR-US: Froxlor +CVE-2021-42324 + RESERVED +CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42318 + RESERVED +CVE-2021-42317 + RESERVED +CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42307 + RESERVED +CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-42300 (Azure Sphere Tampering Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...) + NOT-FOR-US: Microsoft +CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42290 + RESERVED +CVE-2021-42289 + RESERVED +CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...) + NOT-FOR-US: Microsoft +CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) + NOT-FOR-US: Microsoft +CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42281 + RESERVED +CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-42276 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42275 (Microsoft COM for Windows Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vul ...) + NOT-FOR-US: Microsoft +CVE-2021-42273 + RESERVED +CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...) + NOT-FOR-US: Adobe +CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...) + NOT-FOR-US: Adobe +CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + NOT-FOR-US: Adobe +CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + NOT-FOR-US: Adobe +CVE-2021-42265 + RESERVED +CVE-2021-42264 + RESERVED +CVE-2021-42263 + RESERVED +CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...) + - ledgersmb <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/ + NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie +CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...) 
+ - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8) +CVE-2021-3880 + RESERVED +CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-42262 + RESERVED +CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...) + NOT-FOR-US: Revisor Video Management System (VMS) +CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...) + - tinyxml 2.6.2-6 + [bullseye] - tinyxml <no-dsa> (Minor issue) + [buster] - tinyxml <no-dsa> (Minor issue) + [stretch] - tinyxml <no-dsa> (Minor issue; can be fixed with the next DLA) + NOTE: https://sourceforge.net/p/tinyxml/bugs/141/ + NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/ +CVE-2021-42259 + RESERVED +CVE-2021-42258 (BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL i ...) + NOT-FOR-US: BQE BillQuick Web Suite +CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...) + NOT-FOR-US: check_smart Icinga plugin +CVE-2021-42256 + RESERVED +CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) + NOT-FOR-US: CoreNLP +CVE-2021-42255 + RESERVED +CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...) + NOT-FOR-US: BeyondTrust Privilege Management +CVE-2021-42253 + RESERVED +CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...) 
+ {DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1) +CVE-2021-42251 + RESERVED +CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...) + NOT-FOR-US: Apache Superset +CVE-2021-42249 + RESERVED +CVE-2021-42248 + RESERVED +CVE-2021-42247 + RESERVED +CVE-2021-42246 + RESERVED +CVE-2021-42245 + RESERVED +CVE-2021-42244 + RESERVED +CVE-2021-42243 + RESERVED +CVE-2021-42242 + RESERVED +CVE-2021-42241 + RESERVED +CVE-2021-42240 + RESERVED +CVE-2021-42239 + RESERVED +CVE-2021-42238 + RESERVED +CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...) + NOT-FOR-US: Sitecore +CVE-2021-42236 + RESERVED +CVE-2021-42235 + RESERVED +CVE-2021-42234 + RESERVED +CVE-2021-42233 + RESERVED +CVE-2021-42232 + RESERVED +CVE-2021-42231 + RESERVED +CVE-2021-42230 + RESERVED +CVE-2021-42229 + RESERVED +CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...) + NOT-FOR-US: KindEditor +CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...) + NOT-FOR-US: KindEditor +CVE-2021-42226 + RESERVED +CVE-2021-42225 + RESERVED +CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...) + NOT-FOR-US: IFSC Code Finder Project +CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...) + NOT-FOR-US: Online DJ Booking Management System +CVE-2021-42222 + RESERVED +CVE-2021-42221 + RESERVED +CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...) + - dolibarr <removed> +CVE-2021-42219 + RESERVED +CVE-2021-42218 + RESERVED +CVE-2021-42217 + RESERVED +CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...) 
+ NOT-FOR-US: AnonAddy +CVE-2021-42215 + RESERVED +CVE-2021-42214 + RESERVED +CVE-2021-42213 + RESERVED +CVE-2021-42212 + RESERVED +CVE-2021-42211 + RESERVED +CVE-2021-42210 + RESERVED +CVE-2021-42209 + RESERVED +CVE-2021-42208 + RESERVED +CVE-2021-42207 + RESERVED +CVE-2021-42206 + RESERVED +CVE-2021-42205 + RESERVED +CVE-2021-42204 + RESERVED +CVE-2021-42203 + RESERVED +CVE-2021-42202 + RESERVED +CVE-2021-42201 + RESERVED +CVE-2021-42200 + RESERVED +CVE-2021-42199 + RESERVED +CVE-2021-42198 + RESERVED +CVE-2021-42197 + RESERVED +CVE-2021-42196 + RESERVED +CVE-2021-42195 + RESERVED +CVE-2021-42194 + RESERVED +CVE-2021-42193 + RESERVED +CVE-2021-42192 + RESERVED +CVE-2021-42191 + RESERVED +CVE-2021-42190 + RESERVED +CVE-2021-42189 + RESERVED +CVE-2021-42188 + RESERVED +CVE-2021-42187 + RESERVED +CVE-2021-42186 + RESERVED +CVE-2021-42185 + RESERVED +CVE-2021-42184 + RESERVED +CVE-2021-42183 + RESERVED +CVE-2021-42182 + RESERVED +CVE-2021-42181 + RESERVED +CVE-2021-42180 + RESERVED +CVE-2021-42179 + RESERVED +CVE-2021-42178 + RESERVED +CVE-2021-42177 + RESERVED +CVE-2021-42176 + RESERVED +CVE-2021-42175 + RESERVED +CVE-2021-42174 + RESERVED +CVE-2021-42173 + RESERVED +CVE-2021-42172 + RESERVED +CVE-2021-42171 + RESERVED +CVE-2021-42170 + RESERVED +CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...) + NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code +CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-42167 + RESERVED +CVE-2021-42166 + RESERVED +CVE-2021-42165 + RESERVED +CVE-2021-42164 + RESERVED +CVE-2021-42163 + RESERVED +CVE-2021-42162 + RESERVED +CVE-2021-42161 + RESERVED +CVE-2021-42160 + RESERVED +CVE-2021-42159 + RESERVED +CVE-2021-42158 + RESERVED +CVE-2021-42157 + RESERVED +CVE-2021-42156 + RESERVED +CVE-2021-42155 + RESERVED +CVE-2021-42154 + RESERVED +CVE-2021-42153 + RESERVED +CVE-2021-42152 + RESERVED +CVE-2021-42151 + RESERVED +CVE-2021-42150 + RESERVED +CVE-2021-42149 + RESERVED +CVE-2021-42148 + RESERVED +CVE-2021-3877 + RESERVED +CVE-2021-42147 + RESERVED +CVE-2021-42146 + RESERVED +CVE-2021-42145 + RESERVED +CVE-2021-42144 + RESERVED +CVE-2021-42143 + RESERVED +CVE-2021-42142 + RESERVED +CVE-2021-42141 + RESERVED +CVE-2021-42140 + RESERVED +CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...) + NOT-FOR-US: Deno +CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...) + NOT-FOR-US: SafeNet +CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...) + - zammad <itp> (bug #841355) +CVE-2021-42136 + RESERVED +CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...) + NOT-FOR-US: Django Unicorn, different from src:unicorn +CVE-2021-3876 + RESERVED +CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...) 
+ - vim 2:8.2.3565-1 (bug #996593) + [bullseye] - vim <not-affected> (Vulnerable feature and code introduced later) + [buster] - vim <not-affected> (Vulnerable feature and code introduced later) + [stretch] - vim <not-affected> (Vulnerable feature and code introduced later) + NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/ + NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110) + NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489) +CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...) + NOT-FOR-US: Ivanti +CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...) + NOT-FOR-US: Ivanti +CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...) + NOT-FOR-US: Ivanti +CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...) + NOT-FOR-US: Ivanti +CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...) + NOT-FOR-US: Ivanti +CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...) + NOT-FOR-US: Ivanti +CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...) + NOT-FOR-US: Ivanti +CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...) + NOT-FOR-US: Ivanti +CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...) + NOT-FOR-US: Ivanti +CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...) + NOT-FOR-US: Ivanti +CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...) 
+ NOT-FOR-US: Business-DNA Solutions +CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...) + NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith) + NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf + NOTE: https://comsec.ethz.ch/research/dram/blacksmith/ +CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...) + NOT-FOR-US: Insyde +CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...) + - limesurvey <itp> (bug #472802) +CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...) + NOT-FOR-US: RCDevs OpenOTP app +CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...) + NOT-FOR-US: Allegro Windows +CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) + NOT-FOR-US: bookstack +CVE-2021-3873 + RESERVED +CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...) 
+ NOT-FOR-US: VITEC Exterity IPTV products +CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...) + NOT-FOR-US: Trend Micro +CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3565-1 + [bullseye] - vim <no-dsa> (Minor issue) + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 + NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b +CVE-2021-3871 + RESERVED +CVE-2021-3870 + RESERVED +CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...) + {DSA-4984-1} + - flatpak 1.12.1-1 (bug #995935) + [buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp) + [stretch] - flatpak <ignored> (Difficult to exploit) + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q + NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency + NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented. 
+ NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf + NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48 + NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca + NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330 + NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f + NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36 + NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999 + NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf + NOTE: Regression followups: + NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 + NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861 +CVE-2021-42100 + RESERVED +CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...) + NOT-FOR-US: Devolutions +CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...) + {DSA-4991-1 DLA-2791-1} + - mailman <removed> + NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873 + NOTE: https://bugs.launchpad.net/mailman/+bug/1947640 + NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ + NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4 + NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694 + NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt +CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...) 
+ {DSA-4991-1 DLA-2791-1} + - mailman <removed> + NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873 + NOTE: https://bugs.launchpad.net/mailman/+bug/1947639 + NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ + NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4 +CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...) + NOT-FOR-US: NetSarang Xshell +CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...) + - zammad <itp> (bug #841355) +CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...) + - zammad <itp> (bug #841355) +CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...) + - zammad <itp> (bug #841355) +CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...) + - zammad <itp> (bug #841355) +CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...) + - zammad <itp> (bug #841355) +CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...) + - zammad <itp> (bug #841355) +CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...) + - zammad <itp> (bug #841355) +CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover ...) + - zammad <itp> (bug #841355) +CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...) + - zammad <itp> (bug #841355) +CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...) + - zammad <itp> (bug #841355) +CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...) + - zammad <itp> (bug #841355) +CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) 
+ NOT-FOR-US: CoreNLP +CVE-2021-42083 + RESERVED +CVE-2021-42082 + RESERVED +CVE-2021-42081 + RESERVED +CVE-2021-42080 + RESERVED +CVE-2021-42079 + RESERVED +CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...) + NOT-FOR-US: PHP Event Calendar +CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...) + NOT-FOR-US: PHP Event Calendar +CVE-2021-42076 (An issue was discovered in Barrier before 2.3.4. An attacker can cause ...) + NOT-FOR-US: Barrier +CVE-2021-42075 (An issue was discovered in Barrier before 2.3.4. The barriers componen ...) + NOT-FOR-US: Barrier +CVE-2021-42074 (An issue was discovered in Barrier before 2.3.4. An unauthenticated at ...) + NOT-FOR-US: Barrier +CVE-2021-42073 (An issue was discovered in Barrier before 2.4.0. An attacker can enter ...) + NOT-FOR-US: Barrier +CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers componen ...) + NOT-FOR-US: Barrier +CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...) + NOT-FOR-US: Visual Tools DVR VX16 +CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...) + NOT-FOR-US: SAP +CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...) + NOT-FOR-US: SAP +CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...) + NOT-FOR-US: SAP +CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...) + NOT-FOR-US: SAP +CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...) + NOT-FOR-US: SAP +CVE-2021-42065 + RESERVED +CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...) + NOT-FOR-US: SAP +CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...) 
+ NOT-FOR-US: SAP +CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...) + NOT-FOR-US: SAP +CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...) + NOT-FOR-US: SAP +CVE-2021-3868 + RESERVED +CVE-2021-3867 + RESERVED +CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...) + - zulip-server <itp> (bug #800052) + NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 +CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...) + NOT-FOR-US: Insyde +CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...) + NOT-FOR-US: Insyde +CVE-2021-42058 + RESERVED +CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...) + NOT-FOR-US: Obsidian Dataview +CVE-2021-42056 + RESERVED +CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...) + NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware +CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...) + NOT-FOR-US: ACCEL-PPP +CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...) + NOT-FOR-US: Django Unicorn, different from src:unicorn +CVE-2021-42052 + RESERVED +CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...) + NOT-FOR-US: AbanteCart +CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...) + NOT-FOR-US: AbanteCart +CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...) + NOT-FOR-US: Translate MediaWiki extension +CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) + NOT-FOR-US: Growth MediaWiki extension +CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) 
+ NOT-FOR-US: Growth MediaWiki extension +CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...) + NOT-FOR-US: GlobalWatchlist MediaWiki extension +CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...) + NOT-FOR-US: SecurePoll MediaWiki extension +CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...) + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...) + NOT-FOR-US: MediaSearch MediaWiki extension +CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...) + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. Th ...) + NOT-FOR-US: CentralAuth MediaWiki extension +CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...) + NOT-FOR-US: Loops MediaWiki extension +CVE-2021-3865 + RESERVED +CVE-2021-42039 + RESERVED +CVE-2021-42038 + RESERVED +CVE-2021-42037 + RESERVED +CVE-2021-42036 + RESERVED +CVE-2021-42035 + RESERVED +CVE-2021-42034 + RESERVED +CVE-2021-42033 + RESERVED +CVE-2021-42032 + RESERVED +CVE-2021-42031 + RESERVED +CVE-2021-42030 + RESERVED +CVE-2021-42029 + RESERVED +CVE-2021-42028 + RESERVED +CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...) 
+ NOT-FOR-US: Siemens +CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...) + NOT-FOR-US: Siemens +CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...) + NOT-FOR-US: Siemens +CVE-2021-42020 + RESERVED +CVE-2021-42019 + RESERVED +CVE-2021-42018 + RESERVED +CVE-2021-42017 + RESERVED +CVE-2021-42016 + RESERVED +CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2021-42014 + RESERVED +CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...) + - apache2 2.4.51-1 + [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50) + [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50) + [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 +CVE-2021-3864 [descendant's dumpable setting with certain SUID binaries] + RESERVED + - linux <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2 +CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...) + NOT-FOR-US: Trend Micro +CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: snipe-it +CVE-2021-42010 + RESERVED +CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) + NOT-FOR-US: Apache Traffic Control +CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...) 
+ NOT-FOR-US: icecoder +CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...) + NOT-FOR-US: zephyr-rtos +CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...) + NOT-FOR-US: JFrog Artifactory +CVE-2021-3859 + RESERVED + - undertow <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378 + TODO: check details +CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7) +CVE-2021-42007 + RESERVED +CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...) + - libgclib 0.12.7+ds-2 (bug #996591) + [bullseye] - libgclib <no-dsa> (Minor issue) + NOTE: https://github.com/gpertea/gclib/issues/11 +CVE-2021-42005 + RESERVED +CVE-2021-42004 + RESERVED +CVE-2021-42003 + RESERVED +CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-42001 + RESERVED +CVE-2021-42000 (When a password reset or password change flow with an authentication p ...) + NOT-FOR-US: pingidentity +CVE-2021-41999 + RESERVED +CVE-2021-41998 + RESERVED +CVE-2021-41997 + RESERVED +CVE-2021-41996 + RESERVED +CVE-2021-41995 + RESERVED +CVE-2021-41994 + RESERVED +CVE-2021-41993 + RESERVED +CVE-2021-41992 + RESERVED +CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...) + {DSA-4989-1 DLA-2788-1} + - strongswan 5.9.4-1 + NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html +CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...) 
+ {DSA-4989-1} + - strongswan 5.9.4-1 + [stretch] - strongswan <not-affected> (The vulnerable code was introduced later in version 5.6.1) + NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html +CVE-2021-41989 + RESERVED +CVE-2021-41988 + RESERVED +CVE-2021-41987 + RESERVED +CVE-2021-41986 + RESERVED +CVE-2021-41985 + RESERVED +CVE-2021-41984 + RESERVED +CVE-2021-41983 + RESERVED +CVE-2021-41982 + RESERVED +CVE-2021-41981 + RESERVED +CVE-2021-41980 + RESERVED +CVE-2021-41979 + RESERVED +CVE-2021-41978 + RESERVED +CVE-2021-41977 + RESERVED +CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...) + NOT-FOR-US: Tad Uploader +CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...) + NOT-FOR-US: TadTools +CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...) + NOT-FOR-US: Tad Book3 +CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: snipe-it +CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: chaskiq +CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) + NOT-FOR-US: Apache MINA +CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...) + NOT-FOR-US: Apache Superset +CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...) 
+ NOT-FOR-US: Apache Superset +CVE-2021-3856 + RESERVED + NOT-FOR-US: Keycloak +CVE-2021-3855 + RESERVED +CVE-2021-3854 + RESERVED +CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist] + - rust-nix 0.19.0-2 (bug #995562) + [bullseye] - rust-nix <no-dsa> (Minor issue) + [buster] - rust-nix <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html + NOTE: https://github.com/nix-rust/nix/issues/1541 +CVE-2021-41970 + RESERVED +CVE-2021-41969 + RESERVED +CVE-2021-41968 + RESERVED +CVE-2021-41967 + RESERVED +CVE-2021-41966 + RESERVED +CVE-2021-41965 + RESERVED +CVE-2021-41964 + RESERVED +CVE-2021-41963 + RESERVED +CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41961 + RESERVED +CVE-2021-41960 + RESERVED +CVE-2021-41959 + RESERVED +CVE-2021-41958 + RESERVED +CVE-2021-41957 + RESERVED +CVE-2021-41956 + RESERVED +CVE-2021-41955 + RESERVED +CVE-2021-41954 + RESERVED +CVE-2021-41953 + RESERVED +CVE-2021-41952 + RESERVED +CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...) + NOT-FOR-US: ResourceSpace +CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...) + NOT-FOR-US: ResourceSpace +CVE-2021-41949 + RESERVED +CVE-2021-41948 + RESERVED +CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...) + NOT-FOR-US: Subrion CMS +CVE-2021-41946 + RESERVED +CVE-2021-41945 + RESERVED +CVE-2021-41944 + RESERVED +CVE-2021-41943 + RESERVED +CVE-2021-41942 + RESERVED +CVE-2021-41941 + RESERVED +CVE-2021-41940 + RESERVED +CVE-2021-41939 + RESERVED +CVE-2021-41938 + RESERVED +CVE-2021-41937 + RESERVED +CVE-2021-41936 + RESERVED +CVE-2021-41935 + RESERVED +CVE-2021-41934 + RESERVED +CVE-2021-41933 + RESERVED +CVE-2021-41932 + RESERVED +CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...) 
+ NOT-FOR-US: Company's Recruitment Management System +CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41927 + RESERVED +CVE-2021-41926 + RESERVED +CVE-2021-41925 + RESERVED +CVE-2021-41924 + RESERVED +CVE-2021-41923 + RESERVED +CVE-2021-41922 + RESERVED +CVE-2021-41921 + RESERVED +CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...) + NOT-FOR-US: webTareas +CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...) + NOT-FOR-US: webTareas +CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...) + NOT-FOR-US: webTareas +CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...) + NOT-FOR-US: webTareas +CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...) 
+ NOT-FOR-US: webTareas +CVE-2021-41915 + RESERVED +CVE-2021-41914 + RESERVED +CVE-2021-41913 + RESERVED +CVE-2021-41912 + RESERVED +CVE-2021-41911 + RESERVED +CVE-2021-41910 + RESERVED +CVE-2021-41909 + RESERVED +CVE-2021-41908 + RESERVED +CVE-2021-41907 + RESERVED +CVE-2021-41906 + RESERVED +CVE-2021-41905 + RESERVED +CVE-2021-41904 + RESERVED +CVE-2021-41903 + RESERVED +CVE-2021-41902 + RESERVED +CVE-2021-41901 + RESERVED +CVE-2021-41900 + RESERVED +CVE-2021-41899 + RESERVED +CVE-2021-41898 + RESERVED +CVE-2021-41897 + RESERVED +CVE-2021-41896 + RESERVED +CVE-2021-41895 + RESERVED +CVE-2021-41894 + RESERVED +CVE-2021-41893 + RESERVED +CVE-2021-41892 + RESERVED +CVE-2021-41891 + RESERVED +CVE-2021-41890 + RESERVED +CVE-2021-41889 + RESERVED +CVE-2021-41888 + RESERVED +CVE-2021-41887 + RESERVED +CVE-2021-41886 + RESERVED +CVE-2021-41885 + RESERVED +CVE-2021-41884 + RESERVED +CVE-2021-41883 + RESERVED +CVE-2021-41882 + RESERVED +CVE-2021-41881 + RESERVED +CVE-2021-41880 + RESERVED +CVE-2021-41879 + RESERVED +CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...) + NOT-FOR-US: i-Panel Administration System +CVE-2021-41877 + RESERVED +CVE-2021-41876 + RESERVED +CVE-2021-41875 + RESERVED +CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...) + NOT-FOR-US: Portainer +CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) + NOT-FOR-US: Penguin Aurora TV Box 41502 +CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...) + NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502 +CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...) + NOT-FOR-US: Socomec +CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...) + NOT-FOR-US: Socomec +CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...) 
+ NOT-FOR-US: SuiteCRM +CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...) + - onionshare <undetermined> + TODO: check details, exact fixing commits unclear +CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...) + - onionshare <undetermined> + TODO: check details, exact fixing commits unclear +CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...) + NOT-FOR-US: MyBB +CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: chaskiq +CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...) + NOT-FOR-US: GROWI +CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) + - nomad <not-affected> (Only affects 1.1.x) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311 + NOTE: https://github.com/hashicorp/nomad/issues/11243 + NOTE: https://github.com/hashicorp/nomad/pull/11257 +CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...) + {DLA-2843-1} + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a +CVE-2021-41863 + RESERVED +CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...) + NOT-FOR-US: AviatorScript +CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...) 
+ NOT-FOR-US: Telegram for Android +CVE-2021-41860 + RESERVED +CVE-2021-41859 + RESERVED +CVE-2021-41858 + RESERVED +CVE-2021-41857 + RESERVED +CVE-2021-41856 + RESERVED +CVE-2021-41855 + RESERVED +CVE-2021-41854 + RESERVED +CVE-2021-41853 + RESERVED +CVE-2021-41852 + RESERVED +CVE-2021-41851 + RESERVED +CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...) + NOT-FOR-US: firefly-iii +CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...) + {DLA-2912-1} + - libphp-adodb <unfixed> (bug #1004376) + NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 + NOTE: https://github.com/ADOdb/ADOdb/issues/793 +CVE-2021-3849 + RESERVED +CVE-2021-41850 + RESERVED +CVE-2021-41849 + RESERVED +CVE-2021-41848 + RESERVED +CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...) + NOT-FOR-US: 3xLogic +CVE-2021-41846 + RESERVED +CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...) + NOT-FOR-US: ThycoticCentrify Secret Server +CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...) + NOT-FOR-US: Crocoblock JetEngine +CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...) + NOT-FOR-US: OpenEMR +CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...) + NOT-FOR-US: Insyde +CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...) + NOT-FOR-US: Insyde +CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...) 
+ NOT-FOR-US: Insyde +CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...) + NOT-FOR-US: Trend Micro +CVE-2021-3847 [low-privileged user privileges escalation] + RESERVED + - linux <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3 +CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...) + NOT-FOR-US: firefly-iii +CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...) + NOT-FOR-US: Trend Micro +CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...) + NOT-FOR-US: ws-scrcpy +CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-3844 + RESERVED +CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...) + NOT-FOR-US: Lenovo +CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...) + - nltk 3.6.7-1 (bug #1003142) + [bullseye] - nltk <no-dsa> (Minor issue) + [buster] - nltk <no-dsa> (Minor issue) + [stretch] - nltk <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/ + NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6) +CVE-2021-3841 + RESERVED +CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...) + NOT-FOR-US: PlaceOS Authentication Service +CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...) + NOT-FOR-US: Verint Workforce Optimization (WFO) +CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...) + NOT-FOR-US: Craft CMS +CVE-2021-41823 + RESERVED +CVE-2021-41822 + RESERVED +CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...) + NOT-FOR-US: Wazuh +CVE-2021-41820 + RESERVED +CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...) + {DSA-5067-1 DSA-5066-1 DLA-2853-1} + - ruby3.0 <unfixed> (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ + NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1) +CVE-2021-41818 + RESERVED +CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...) 
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1} + - ruby3.0 <unfixed> (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ + NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2) + NOTE: Followups to mimic previous behaviour: + NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2) + NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2) +CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...) + {DSA-5067-1} + - ruby3.0 <unfixed> (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 <not-affected> (Vulnerable code introduced later) + - ruby2.3 <not-affected> (Vulnerable code introduced later) + NOTE: Fixed in Ruby 3.0.3, 2.7.5 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/ + NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0) + NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1) +CVE-2021-41815 + RESERVED +CVE-2021-41814 + RESERVED +CVE-2021-41813 + RESERVED +CVE-2021-41812 + RESERVED +CVE-2021-41811 + RESERVED +CVE-2021-41810 + RESERVED +CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...) + NOT-FOR-US: M-Files Server +CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...) + NOT-FOR-US: M-Files Server +CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...) + NOT-FOR-US: M-Files Server +CVE-2021-41806 + RESERVED +CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) 
+ - consul <not-affected> (Only affects Consul Enterprise) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871 +CVE-2021-41804 + RESERVED +CVE-2021-41803 + RESERVED +CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...) + {DSA-4979-1} + - mediawiki 1:1.35.4-1 + [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T279090 +CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) + {DSA-4979-1} + - mediawiki 1:1.35.4-1 + [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T284419 + NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 +CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) + {DSA-4979-1 DLA-2779-1} + - mediawiki 1:1.35.4-1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T290379 +CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...) 
+ {DSA-4979-1 DLA-2779-1} + - mediawiki 1:1.35.4-1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T285515 +CVE-2021-41797 + REJECTED +CVE-2021-41796 + REJECTED +CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...) + NOT-FOR-US: 1Password +CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...) + NOT-FOR-US: Open5GS +CVE-2021-41793 + RESERVED +CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...) + NOT-FOR-US: Hyland org.alfresco:alfresco-content-services +CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...) + NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share +CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...) + NOT-FOR-US: Hyland org.alfresco:alfresco-content-services +CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...) + NOT-FOR-US: Mediatek devices +CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...) + NOT-FOR-US: Netgear +CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...) + NOT-FOR-US: Antilles +CVE-2021-41787 + RESERVED +CVE-2021-41786 + RESERVED +CVE-2021-41785 + RESERVED +CVE-2021-41784 + RESERVED +CVE-2021-41783 + RESERVED +CVE-2021-41782 + RESERVED +CVE-2021-41781 + RESERVED +CVE-2021-41780 + RESERVED +CVE-2021-41779 + RESERVED +CVE-2021-41778 + RESERVED +CVE-2021-41777 + RESERVED +CVE-2021-41776 + RESERVED +CVE-2021-41775 + RESERVED +CVE-2021-41774 + RESERVED +CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...) 
+ - apache2 2.4.50-1 + [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773 + NOTE: Fixed by: https://svn.apache.org/r1893775 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 +CVE-2021-3839 + RESERVED +CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...) + - golang-1.17 1.17.3-1 + - golang-1.16 1.16.10-1 + - golang-1.15 <not-affected> (Vulnerable code introduced later in go1.16beta1) + - golang-1.11 <not-affected> (Vulnerable code introduced later in go1.16beta1) + - golang-1.8 <not-affected> (Vulnerable code introduced later in go1.16beta1) + - golang-1.7 <not-affected> (Vulnerable code introduced later in go1.16beta1) + NOTE: https://github.com/golang/go/issues/48085 + NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc + NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1) + NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3) + NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10) +CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...) 
+ {DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.3-1 + - golang-1.16 1.16.10-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/48990 + NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc + NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3) + NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10) +CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...) + NOT-FOR-US: Ping Identity PingFederate +CVE-2021-3838 + RESERVED +CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...) + NOT-FOR-US: Siemens +CVE-2021-41768 + RESERVED +CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...) + - guacamole-client <unfixed> + [stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6 +CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...) + NOT-FOR-US: openwhyd +CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...) + - apache-karaf <itp> (bug #881297) +CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...) + - dbeaver <itp> (bug #680987) + NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22 +CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions >= v2.6.0 cont ...) + NOT-FOR-US: zephyr-rtos +CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...) + NOT-FOR-US: Integria IMS +CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...) 
+ NOT-FOR-US: Integria IMS +CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...) + NOT-FOR-US: Integria IMS +CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: gnuboard5 +CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...) + NOT-FOR-US: ResourceSpace +CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...) + NOT-FOR-US: Streama +CVE-2021-41763 + RESERVED +CVE-2021-41762 + RESERVED +CVE-2021-41761 + RESERVED +CVE-2021-41760 + RESERVED +CVE-2021-41759 + RESERVED +CVE-2021-41758 + RESERVED +CVE-2021-41757 + RESERVED +CVE-2021-41756 + RESERVED +CVE-2021-41755 + RESERVED +CVE-2021-41754 + RESERVED +CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + NOT-FOR-US: D-Link +CVE-2021-41752 + RESERVED +CVE-2021-41751 + RESERVED +CVE-2021-41750 + RESERVED +CVE-2021-41749 + RESERVED +CVE-2021-41748 + REJECTED +CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) + NOT-FOR-US: Csdn APP +CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...) + NOT-FOR-US: Yonyou TurboCRM +CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...) + NOT-FOR-US: ShowDoc +CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...) + NOT-FOR-US: yongyou PLM +CVE-2021-41743 + RESERVED +CVE-2021-41742 + RESERVED +CVE-2021-41741 + RESERVED +CVE-2021-41740 + RESERVED +CVE-2021-41739 + RESERVED +CVE-2021-41738 + RESERVED +CVE-2021-41737 + RESERVED +CVE-2021-41736 + RESERVED +CVE-2021-41735 + RESERVED +CVE-2021-41734 + RESERVED +CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...) + NOT-FOR-US: Oppia +CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...) 
+ - zeek <unfixed> (unimportant) + NOTE: https://github.com/zeek/zeek/issues/1798 + NOTE: Disputed validitity of the security issue +CVE-2021-41731 + RESERVED +CVE-2021-41730 + RESERVED +CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...) + NOT-FOR-US: BaiCloud-cms +CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41727 + RESERVED +CVE-2021-41726 + RESERVED +CVE-2021-41725 + RESERVED +CVE-2021-41724 + RESERVED +CVE-2021-41723 + RESERVED +CVE-2021-41722 + RESERVED +CVE-2021-41721 + RESERVED +CVE-2021-41720 + REJECTED +CVE-2021-41719 + RESERVED +CVE-2021-41718 + RESERVED +CVE-2021-41717 + RESERVED +CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...) + NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application +CVE-2021-41715 + RESERVED +CVE-2021-41714 + RESERVED +CVE-2021-41713 + RESERVED +CVE-2021-41712 + RESERVED +CVE-2021-41711 + RESERVED +CVE-2021-41710 + RESERVED +CVE-2021-41709 + RESERVED +CVE-2021-41708 + RESERVED +CVE-2021-41707 + RESERVED +CVE-2021-41706 + RESERVED +CVE-2021-41705 + RESERVED +CVE-2021-41704 + RESERVED +CVE-2021-41703 + RESERVED +CVE-2021-41702 + RESERVED +CVE-2021-41701 + RESERVED +CVE-2021-41700 + RESERVED +CVE-2021-41699 + RESERVED +CVE-2021-41698 + RESERVED +CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...) 
+ NOT-FOR-US: Premiumdatingscript +CVE-2021-41693 + RESERVED +CVE-2021-41692 + RESERVED +CVE-2021-41691 + RESERVED +CVE-2021-41690 + RESERVED +CVE-2021-41689 + RESERVED +CVE-2021-41688 + RESERVED +CVE-2021-41687 + RESERVED +CVE-2021-41686 + RESERVED +CVE-2021-41685 + RESERVED +CVE-2021-41684 + RESERVED +CVE-2021-41683 + RESERVED +CVE-2021-41682 + RESERVED +CVE-2021-41681 + RESERVED +CVE-2021-41680 + RESERVED +CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) + NOT-FOR-US: oretnom23 Pharmacy Point of Sale System +CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41673 + RESERVED +CVE-2021-41672 + RESERVED +CVE-2021-41671 + RESERVED +CVE-2021-41670 + RESERVED +CVE-2021-41669 + RESERVED +CVE-2021-41668 + RESERVED +CVE-2021-41667 + RESERVED +CVE-2021-41666 + RESERVED +CVE-2021-41665 + RESERVED +CVE-2021-41664 + RESERVED +CVE-2021-41663 + RESERVED +CVE-2021-41662 + RESERVED +CVE-2021-41661 + RESERVED +CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-41657 + RESERVED +CVE-2021-41656 + RESERVED +CVE-2021-41655 + RESERVED +CVE-2021-41654 + RESERVED +CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...) + NOT-FOR-US: TP-Link +CVE-2021-41652 + RESERVED +CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...) + NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system +CVE-2021-41650 + RESERVED +CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) + NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App +CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-41642 + RESERVED +CVE-2021-41641 + RESERVED +CVE-2021-41640 + RESERVED +CVE-2021-41639 + RESERVED +CVE-2021-41638 + RESERVED +CVE-2021-41637 + RESERVED +CVE-2021-41636 + RESERVED +CVE-2021-41635 + RESERVED +CVE-2021-41634 + RESERVED +CVE-2021-41633 + RESERVED +CVE-2021-41632 + RESERVED +CVE-2021-41631 + RESERVED +CVE-2021-41630 + RESERVED +CVE-2021-41629 + RESERVED +CVE-2021-41628 + RESERVED +CVE-2021-41627 + RESERVED +CVE-2021-41626 + RESERVED +CVE-2021-41625 + RESERVED +CVE-2021-41624 + RESERVED +CVE-2021-41623 + RESERVED +CVE-2021-41622 + RESERVED +CVE-2021-41621 + RESERVED +CVE-2021-41620 + RESERVED +CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41618 + RESERVED +CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...) + NOT-FOR-US: Apache DB DdlUtils +CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: btcpayserver +CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...) + - openssh 1:8.7p1-1 (bug #995130) + [bullseye] - openssh <no-dsa> (Minor issue) + [buster] - openssh <no-dsa> (Minor issue) + [stretch] - openssh <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1 + NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 + NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde +CVE-2021-41615 + RESERVED +CVE-2021-41614 + RESERVED +CVE-2021-41613 + RESERVED +CVE-2021-41612 + RESERVED +CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...) 
+ - squid 5.2-1 + [bullseye] - squid <not-affected> (Vulnerable code introduced later) + [buster] - squid <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r + NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch +CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...) + NOT-FOR-US: openwhyd +CVE-2021-41610 + REJECTED +CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...) + NOT-FOR-US: SelectSurvey.NET +CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...) + NOT-FOR-US: SelectSurvey.NET +CVE-2021-41607 + RESERVED +CVE-2021-41606 + RESERVED +CVE-2021-41605 + RESERVED +CVE-2021-41604 + RESERVED +CVE-2021-41603 + RESERVED +CVE-2021-41602 + RESERVED +CVE-2021-41601 + RESERVED +CVE-2021-41600 + RESERVED +CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41594 + RESERVED +CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...) + NOT-FOR-US: Lightning Labs lnd +CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...) + NOT-FOR-US: Blockstream c-lightning +CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...) 
+ NOT-FOR-US: ACINQ Eclair +CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity ...) + - nltk 3.6.5-1 (bug #995226) + [bullseye] - nltk <no-dsa> (Minor issue) + [buster] - nltk <no-dsa> (Minor issue) + [stretch] - nltk <no-dsa> (Minor issue) + NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 + NOTE: https://github.com/nltk/nltk/pull/2816 +CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...) + - trafficserver <not-affected> (Only affects FreeBSD) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8456/ + NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master) + NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x) +CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) + NOT-FOR-US: vpn-user-portal +CVE-2021-41582 + RESERVED +CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...) 
+ - libressl <itp> (bug #754513) + NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch +CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...) + NOT-FOR-US: Node passport-oauth2 +CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...) + NOT-FOR-US: LCDS LAquis SCADA +CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...) + NOT-FOR-US: mySCADA myDESIGNER +CVE-2021-41577 + RESERVED +CVE-2021-41576 + RESERVED +CVE-2021-41575 + RESERVED +CVE-2021-41574 + RESERVED +CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...) + NOT-FOR-US: Hitachi +CVE-2021-3827 + RESERVED + NOT-FOR-US: Keycloak +CVE-2021-41572 + RESERVED +CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...) + NOT-FOR-US: Apache Pulsar +CVE-2021-41570 + RESERVED +CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...) + NOT-FOR-US: SAS/Intrnet +CVE-2021-3826 + RESERVED +CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...) + NOT-FOR-US: Tad Web +CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...) + NOT-FOR-US: Tad Uploader +CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...) + NOT-FOR-US: TadTools +CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...) + NOT-FOR-US: TadTools +CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...) + NOT-FOR-US: Tad Honor +CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...) + NOT-FOR-US: Tad Book3 +CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...) 
+ NOT-FOR-US: Snow Snow Agent for Windows +CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...) + NOT-FOR-US: Apache Parquet +CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...) + NOT-FOR-US: LiderAhenk +CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Bitdefender +CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...) + NOT-FOR-US: jsoneditor +CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...) + NOT-FOR-US: OpenCATS +CVE-2021-41559 + RESERVED +CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...) + NOT-FOR-US: set_user extension for Postgres +CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...) + NOT-FOR-US: Sofico +CVE-2021-41556 + RESERVED +CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...) + NOT-FOR-US: CommScope +CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) + NOT-FOR-US: Leostream Connection Broker +CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) + NOT-FOR-US: Leostream Connection Broker +CVE-2021-41549 + RESERVED +CVE-2021-41548 + RESERVED +CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) 
+ NOT-FOR-US: Siemens +CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-41545 + RESERVED +CVE-2021-41544 + RESERVED +CVE-2021-41543 + RESERVED +CVE-2021-41542 + RESERVED +CVE-2021-41541 + RESERVED +CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...) + NOT-FOR-US: Apache Ozone +CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...) + - routinator <itp> (bug #929024) + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt +CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...) + NOT-FOR-US: Forcepoint NGFW Engine +CVE-2021-41529 + RESERVED +CVE-2021-41528 + RESERVED +CVE-2021-41527 + RESERVED +CVE-2021-41526 + RESERVED +CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...) + NOT-FOR-US: FlexNet +CVE-2021-3821 + RESERVED +CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...) 
+ NOT-FOR-US: Nodejs inflect + NOTE: https://github.com/pksunkara/inflect +CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...) + - apache2 2.4.50-1 + [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524 + NOTE: Fixed by: https://svn.apache.org/r1893655 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1 +CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...) + NOT-FOR-US: Grav CMS +CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...) + NOT-FOR-US: wbce_cms +CVE-2021-41523 + RESERVED +CVE-2021-41522 + RESERVED +CVE-2021-41521 + RESERVED +CVE-2021-41520 + RESERVED +CVE-2021-41519 + RESERVED +CVE-2021-41518 + RESERVED +CVE-2021-41517 + RESERVED +CVE-2021-41516 + RESERVED +CVE-2021-41515 + RESERVED +CVE-2021-41514 + RESERVED +CVE-2021-41513 + RESERVED +CVE-2021-41512 + RESERVED +CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...) + NOT-FOR-US: Lodging Reservation Management System +CVE-2021-41510 + RESERVED +CVE-2021-41509 + RESERVED +CVE-2021-41508 + RESERVED +CVE-2021-41507 + RESERVED +CVE-2021-41506 + RESERVED +CVE-2021-41505 + RESERVED +CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...) + NOT-FOR-US: D-Link +CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...) + NOT-FOR-US: D-Link +CVE-2021-41502 + RESERVED +CVE-2021-41501 + RESERVED +CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...) 
+ - cvxopt 1.2.7+dfsg-1 + [bullseye] - cvxopt <no-dsa> (Minor issue) + [buster] - cvxopt <no-dsa> (Minor issue) + [stretch] - cvxopt <no-dsa> (Minor issue) + NOTE: https://github.com/cvxopt/cvxopt/issues/193 +CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < ...) + - python-pyo 1.0.4-1 + [stretch] - python-pyo <no-dsa> (Minor issue) + NOTE: https://github.com/belangeo/pyo/issues/222 + NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4) +CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Ser ...) + - python-pyo 1.0.4-1 + [stretch] - python-pyo <no-dsa> (Minor issue) + NOTE: https://github.com/belangeo/pyo/issues/221 + NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4) +CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...) + NOT-FOR-US: RaRe-Technologies bounter +CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...) + - numpy <unfixed> + [bullseye] - numpy <no-dsa> (Minor issue) + NOTE: https://github.com/numpy/numpy/issues/19000 + NOTE: https://github.com/numpy/numpy/pull/20630 + NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2 +CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ...) + - numpy <unfixed> + [bullseye] - numpy <no-dsa> (Minor issue) + NOTE: https://github.com/numpy/numpy/issues/19038 + TODO: check for classification/severity +CVE-2021-41494 + RESERVED +CVE-2021-41493 + RESERVED +CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-41491 + RESERVED +CVE-2021-41490 + RESERVED +CVE-2021-41489 + RESERVED +CVE-2021-41488 + RESERVED +CVE-2021-41487 + RESERVED +CVE-2021-41486 + RESERVED +CVE-2021-41485 + RESERVED +CVE-2021-41484 + RESERVED +CVE-2021-41483 + RESERVED +CVE-2021-41482 + RESERVED +CVE-2021-41481 + RESERVED +CVE-2021-41480 + RESERVED +CVE-2021-41479 + RESERVED +CVE-2021-41478 + RESERVED +CVE-2021-41477 + RESERVED +CVE-2021-41476 + RESERVED +CVE-2021-41475 + RESERVED +CVE-2021-41474 + RESERVED +CVE-2021-41473 + RESERVED +CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41470 + RESERVED +CVE-2021-41469 + RESERVED +CVE-2021-41468 + RESERVED +CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...) + NOT-FOR-US: JustWriting +CVE-2021-41466 + RESERVED +CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41460 + RESERVED +CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) 
+ - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1912 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 +CVE-2021-41458 + RESERVED +CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) + - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1909 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 +CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) + - gpac <unfixed> + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1911 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e +CVE-2021-41455 + RESERVED +CVE-2021-41454 + RESERVED +CVE-2021-41453 + RESERVED +CVE-2021-41452 + RESERVED +CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...) + NOT-FOR-US: TP-Link +CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...) + NOT-FOR-US: TP-Link +CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...) + NOT-FOR-US: Netgear +CVE-2021-41448 + RESERVED +CVE-2021-41447 + RESERVED +CVE-2021-41446 + RESERVED +CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...) + NOT-FOR-US: D-Link +CVE-2021-41444 + RESERVED +CVE-2021-41443 + RESERVED +CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...) + NOT-FOR-US: D-Link +CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...) 
+ NOT-FOR-US: D-Link +CVE-2021-41440 + RESERVED +CVE-2021-41439 + RESERVED +CVE-2021-41438 + RESERVED +CVE-2021-41437 + RESERVED +CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...) + NOT-FOR-US: ASUS +CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...) + NOT-FOR-US: ASUS +CVE-2021-41434 + RESERVED +CVE-2021-41433 + RESERVED +CVE-2021-41432 + RESERVED +CVE-2021-41431 + RESERVED +CVE-2021-41430 + RESERVED +CVE-2021-41429 + RESERVED +CVE-2021-41428 + REJECTED +CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: Beeline Smart Box +CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...) + NOT-FOR-US: Beeline Smart Box +CVE-2021-41425 + RESERVED +CVE-2021-41424 + RESERVED +CVE-2021-41423 + RESERVED +CVE-2021-41422 + RESERVED +CVE-2021-41421 + RESERVED +CVE-2021-41420 + RESERVED +CVE-2021-41419 + RESERVED +CVE-2021-41418 + RESERVED +CVE-2021-41417 + RESERVED +CVE-2021-41416 + RESERVED +CVE-2021-41415 + RESERVED +CVE-2021-41414 + RESERVED +CVE-2021-41413 + RESERVED +CVE-2021-41412 + RESERVED +CVE-2021-41411 + RESERVED +CVE-2021-41410 + RESERVED +CVE-2021-41409 + RESERVED +CVE-2021-41408 + RESERVED +CVE-2021-41407 + RESERVED +CVE-2021-41406 + RESERVED +CVE-2021-41405 + RESERVED +CVE-2021-41404 + RESERVED +CVE-2021-41403 + RESERVED +CVE-2021-41402 + RESERVED +CVE-2021-41401 + RESERVED +CVE-2021-41400 + RESERVED +CVE-2021-41399 + RESERVED +CVE-2021-41398 + RESERVED +CVE-2021-41397 + RESERVED +CVE-2021-41396 + RESERVED +CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) + NOT-FOR-US: Teleport +CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) + NOT-FOR-US: Teleport +CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) 
+ NOT-FOR-US: Teleport +CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...) + NOT-FOR-US: BoostNote +CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...) + NOT-FOR-US: Ericsson ECM +CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...) + NOT-FOR-US: Ericsson ECM +CVE-2021-41389 + RESERVED +CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...) + NOT-FOR-US: Netskope +CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...) + - seatd <not-affected> (Vulnerable code introduced later) + NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E +CVE-2021-41386 + RESERVED +CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...) + NOT-FOR-US: third party intelligence connector in Securonix SNYPR +CVE-2021-41384 + RESERVED +CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...) + NOT-FOR-US: Netgear +CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...) + NOT-FOR-US: Plastic SCM +CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...) + NOT-FOR-US: Payara Micro Community +CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) + - cacti 1.2.1+ds1-1 + [stretch] - cacti <not-affected> (user_group_admin.php not present, added in 1.0) + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1) +CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...) + NOT-FOR-US: RealVNC +CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41373 (FSLogix Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) + NOT-FOR-US: Microsoft +CVE-2021-41369 + RESERVED +CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) + NOT-FOR-US: Microsoft +CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...) + NOT-FOR-US: Microsoft +CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-41364 + RESERVED +CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41362 + RESERVED +CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-41359 + RESERVED +CVE-2021-41358 + RESERVED +CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-41356 (Windows Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft .NET +CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode ...) + NOT-FOR-US: Microsoft +CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41341 + RESERVED +CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...) + NOT-FOR-US: Datalust Seq +CVE-2021-41328 + RESERVED +CVE-2021-41327 + RESERVED +CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) + NOT-FOR-US: MISP +CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...) + NOT-FOR-US: Pydio Cells +CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...) + NOT-FOR-US: Pydio Cells +CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) + NOT-FOR-US: Pydio Cells +CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...) + NOT-FOR-US: Poly VVX 400/410 +CVE-2021-41321 + RESERVED +CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...) + NOT-FOR-US: Wallstreet Suite TRM +CVE-2021-41319 + RESERVED +CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) 
+ NOT-FOR-US: Progress WhatsUp Gold +CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) + NOT-FOR-US: XSS Hunter Express +CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) + NOT-FOR-US: Device42 Main Appliance +CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) + NOT-FOR-US: Device42 Remote Collector +CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...) + NOT-FOR-US: fabiocaccamo/utils.js +CVE-2021-3814 + RESERVED +CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...) + NOT-FOR-US: chatwoot +CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) + NOT-FOR-US: NETGEAR +CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) + NOT-FOR-US: Atlassian +CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...) + NOT-FOR-US: Atlassian +CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...) + NOT-FOR-US: Atlassian +CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: adminlte +CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: adminlte +CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...) + NOT-FOR-US: code-server +CVE-2021-3809 + RESERVED +CVE-2021-3808 + RESERVED +CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...) + - node-ansi-regex 5.0.1-1 (bug #994568) + [bullseye] - node-ansi-regex 5.0.1-1~deb11u1 + [buster] - node-ansi-regex 3.0.0-1+deb10u1 + [stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 + NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) +CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...) + NOT-FOR-US: Pardus Software Center +CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) + - node-object-path 0.11.8-1 + [bullseye] - node-object-path 0.11.5-3+deb11u1 + [buster] - node-object-path <no-dsa> (Minor issue) + [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 + NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6 +CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) + - shiro <unfixed> + [bullseye] - shiro <no-dsa> (Minor issue) + [buster] - shiro <no-dsa> (Minor issue) + [stretch] - shiro <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 +CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...) 
+ NOT-FOR-US: ECOA BAS controller +CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41300 (ECOA BAS controller’s special page displays user account and pas ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...) + NOT-FOR-US: ASUS +CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41287 + RESERVED +CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...) 
+ NOT-FOR-US: Omikron MultiCash Desktop +CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...) + NOT-FOR-US: NervJS Taro +CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...) + NOT-FOR-US: Ballistix MOD Utility +CVE-2021-41284 + RESERVED +CVE-2021-41283 + RESERVED +CVE-2021-41282 + RESERVED +CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...) + - matrix-synapse 1.47.1-1 (bug #1000451) + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c + NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c +CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...) + NOT-FOR-US: Sharetribe Go +CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...) + NOT-FOR-US: BaserCMS +CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...) + NOT-FOR-US: EdgeX +CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) + NOT-FOR-US: Metabase +CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) + NOT-FOR-US: Tuleap +CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...) + NOT-FOR-US: spree_auth_devise +CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...) + NOT-FOR-US: solidus_auth_devise +CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...) + NOT-FOR-US: Pterodactyl +CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...) + NOT-FOR-US: Hyperledger Besu +CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...) 
+ - symfony 4.4.19+dfsg-3 + [bullseye] - symfony <no-dsa> (Minor issue; can be fixed via point release) + [buster] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1) + [stretch] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x + NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35) + NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas +CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...) + NOT-FOR-US: cron-utils Java library +CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...) + - symfony <not-affected> (Vulnerable code never in released version in unstable) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr + NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12) +CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...) + - symfony <not-affected> (Vulnerable code never in released version in unstable) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q + NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12) +CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...) + NOT-FOR-US: Minio console +CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...) 
+ - flask-appbuilder <itp> (bug #998029) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4 + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4) +CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...) + NOT-FOR-US: rails_multisite +CVE-2021-41262 (Galette is a membership management web application built for non profi ...) + - galette <removed> +CVE-2021-41261 (Galette is a membership management web application built for non profi ...) + - galette <removed> +CVE-2021-41260 (Galette is a membership management web application built for non profi ...) + - galette <removed> +CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...) + - nim <unfixed> + [bullseye] - nim <no-dsa> (Minor issue) + [buster] - nim <no-dsa> (Minor issue) + [stretch] - nim <no-dsa> (Minor issue) + NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc +CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...) + NOT-FOR-US: Kirby +CVE-2021-41257 + RESERVED +CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...) + NOT-FOR-US: nextcloud news-android App +CVE-2021-41255 + RESERVED +CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...) + NOT-FOR-US: kustomize-controller +CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...) 
+ - zydis 3.2.1-1 (bug #999431) + NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g + NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master) + NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1) +CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...) + NOT-FOR-US: Kirby +CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...) + NOT-FOR-US: SAP +CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...) + NOT-FOR-US: Python discord bot +CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...) + NOT-FOR-US: GraphQL Playground +CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...) + NOT-FOR-US: GraphiQL +CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...) + - jupyterhub 2.0.0+ds1-1 + NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7 + NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 +CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...) + NOT-FOR-US: Express OpenID Connect +CVE-2021-41245 + RESERVED +CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...) + - grafana <removed> +CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...) + NOT-FOR-US: baserCMS +CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...) + NOT-FOR-US: OpenOlat +CVE-2021-41241 + RESERVED +CVE-2021-41240 + RESERVED +CVE-2021-41239 + RESERVED +CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...) 
+ NOT-FOR-US: Hangfire +CVE-2021-41237 + RESERVED +CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...) + NOT-FOR-US: OroPlatform +CVE-2021-41235 + RESERVED +CVE-2021-41234 + RESERVED +CVE-2021-41233 + RESERVED +CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...) + NOT-FOR-US: Thunderdome +CVE-2021-41231 + RESERVED +CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...) + NOT-FOR-US: Pomerium +CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...) + {DLA-2827-1} + - bluez 5.62-2 (bug #1000262) + [bullseye] - bluez <no-dsa> (Minor issue) + [buster] - bluez <no-dsa> (Minor issue) + NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq + NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0) + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0 +CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41226 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41225 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41224 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41223 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41222 (TensorFlow is an open source platform for machine learning. In affecte ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-41221 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41220 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41219 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41218 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41217 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41216 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41215 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41214 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41213 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41212 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41211 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41210 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41209 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41208 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41207 (TensorFlow is an open source platform for machine learning. In affecte ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-41206 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41205 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41204 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41203 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41202 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41201 (TensorFlow is an open source platform for machine learning. In affeced ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41200 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41199 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41198 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41197 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41196 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In affecte ...) + - tensorflow <itp> (bug #804612) +CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...) + NOT-FOR-US: FirstUseAuthenticator for JupyterHub +CVE-2021-41193 + RESERVED +CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...) + NOT-FOR-US: Redash +CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...) 
+ NOT-FOR-US: Roblox-Purchasing-Hub +CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...) + NOT-FOR-US: OCI Distribution Specification + NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to + NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10 + NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m + NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh +CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...) + NOT-FOR-US: DSpace +CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) + NOT-FOR-US: Shopware +CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...) + NOT-FOR-US: DHIS +CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...) + - fluentd <itp> (bug #926692) +CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...) + NOT-FOR-US: Mycodo +CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + - jqueryui 1.13.0+dfsg-1 + [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 + [stretch] - jqueryui <no-dsa> (Minor issue) + NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 + NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 +CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) 
+ {DLA-2889-1} + - drupal7 <removed> + - jqueryui 1.13.0+dfsg-1 + [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 + [stretch] - jqueryui <no-dsa> (Minor issue) + NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 + NOTE: https://bugs.jqueryui.com/ticket/15284 + NOTE: https://github.com/jquery/jquery-ui/pull/1953 + NOTE: https://www.drupal.org/sa-core-2022-001 +CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + {DLA-2889-1} + - drupal7 <removed> + - jqueryui 1.13.0+dfsg-1 + [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 + [stretch] - jqueryui <no-dsa> (Minor issue) + NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc + NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce + NOTE: https://www.drupal.org/sa-core-2022-002 +CVE-2021-41181 + RESERVED +CVE-2021-41180 + RESERVED +CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) + NOT-FOR-US: Pterodactyl +CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...) + NOT-FOR-US: Pi-hole +CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...) + - grafana <removed> +CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...) + - golang-github-go-ethereum <itp> (bug #890541) +CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...) 
+ NOT-FOR-US: AntSword plugin for Redis +CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...) + NOT-FOR-US: eLabFTW +CVE-2021-41170 (neoan3-apps/template is a neoan3 minimal template engine. Versions pri ...) + NOT-FOR-US: neoan3-apps/template +CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...) + NOT-FOR-US: Snudown +CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...) + NOT-FOR-US: modern-async +CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) + NOT-FOR-US: Nextcloud Android app +CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...) + - ckeditor <unfixed> (bug #999909) + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <no-dsa> (Minor issue) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0) +CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...) + - ckeditor <unfixed> (bug #999909) + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <no-dsa> (Minor issue) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0) +CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2021-41162 + RESERVED +CVE-2021-41161 + RESERVED +CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001062) + [bullseye] - freerdp2 <no-dsa> (Minor issue) + [buster] - freerdp2 <no-dsa> (Minor issue) + - freerdp <removed> + [stretch] - freerdp <no-dsa> (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg + NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692 +CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + - freerdp2 2.4.1+dfsg1-1 (bug #1001061) + [bullseye] - freerdp2 <no-dsa> (Minor issue) + [buster] - freerdp2 <no-dsa> (Minor issue) + - freerdp <removed> + [stretch] - freerdp <no-dsa> (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq + NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe +CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch <itp> (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 +CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch <itp> (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj +CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...) + NOT-FOR-US: anuko/timetracker +CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management of soft ...) + NOT-FOR-US: Tuleap +CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of soft ...) + NOT-FOR-US: Tuleap +CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...) 
+ NOT-FOR-US: Rust evm crate +CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...) + NOT-FOR-US: OpenOlat +CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) + NOT-FOR-US: Backstage +CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...) + NOT-FOR-US: Tough +CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...) + NOT-FOR-US: Tough +CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + NOT-FOR-US: Tuleap +CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + NOT-FOR-US: Tuleap +CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...) + - qutebrowser <not-affected> (Only affects Windows) + NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm + NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430 + NOTE: Additional hardening for potential similar issues on Linux were added, but + NOTE: are not fixing a security vulnerability. +CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch <itp> (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m +CVE-2021-41144 + RESERVED +CVE-2021-41143 + RESERVED +CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) + NOT-FOR-US: Tuleap +CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...) + - pjproject <removed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc + NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196 +CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...) 
+ NOT-FOR-US: Discourse plugin +CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) + NOT-FOR-US: Frontier +CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...) + NOT-FOR-US: Minio +CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) + - puma 5.5.2-1 + [stretch] - puma <no-dsa> (Minor issue) + NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx + NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f +CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...) + NOT-FOR-US: Cosmos-SDK +CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...) + - nbdime <itp> (bug #975509) +CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) + NOT-FOR-US: OMERO.web +CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...) + - python-tuf <itp> (bug #934151) +CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) + NOT-FOR-US: Extensible Service Proxy +CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...) + NOT-FOR-US: Pterodactyl +CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...) + NOT-FOR-US: Hygeia +CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...) + NOT-FOR-US: Rasa +CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...) + NOT-FOR-US: October CMS +CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...) 
+ - python-scrapy 2.5.1-1 + [bullseye] - python-scrapy <no-dsa> (Minor issue) + [buster] - python-scrapy <no-dsa> (Minor issue) + [stretch] - python-scrapy <no-dsa> (Minor issue) + NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498 +CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...) + NOT-FOR-US: Scrapy-splash +CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...) + NOT-FOR-US: Survey Solutions +CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...) + NOT-FOR-US: Vyper +CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...) + NOT-FOR-US: Vyper +CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...) + NOT-FOR-US: sylius/paypal-plugin +CVE-2021-41119 + RESERVED +CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...) + NOT-FOR-US: DynamicPageList3 MediaWiki Extension +CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...) + NOT-FOR-US: keypair +CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...) + - composer <not-affected> (Only affects Windows) + NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf + NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa +CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...) + - zulip-server <itp> (bug #800052) +CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2021-41112 + RESERVED +CVE-2021-41111 + RESERVED +CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...) 
+ NOT-FOR-US: cwlviewer +CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2021-41108 + RESERVED +CVE-2021-41107 + RESERVED +CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...) + NOT-FOR-US: PHP lcobucci/jwt +CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch <itp> (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 +CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...) + NOT-FOR-US: ESPHome +CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...) + {DSA-5002-1} + - containerd 1.5.7~ds1-1 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq + NOTE: https://github.com/containerd/containerd/commit/403846c9540f5bfdaf1fe5349cce5fd3bc60f507 (v1.4.11) + NOTE: https://github.com/containerd/containerd/commit/38532c6ed7bb9dd683ba9eaca62dd7cce0330cbb (v1.4.11) + NOTE: https://github.com/containerd/containerd/commit/0b1bde38546a9283a52cf4970e01fd0f09b0ac4a (v1.4.11) +CVE-2021-41102 + RESERVED +CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...) + NOT-FOR-US: wire-server +CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...) + NOT-FOR-US: wire-server +CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph +CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...) 
+ - ruby-nokogiri <not-affected> (jruby implementation not shiped) + NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h + NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d +CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...) + NOT-FOR-US: Aurelia +CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...) + NOT-FOR-US: Rucky for Android +CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...) + NOT-FOR-US: Discourse +CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...) + NOT-FOR-US: Wire by Bund +CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...) + NOT-FOR-US: Wire iOS +CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...) + - docker.io 20.10.10+dfsg1-1 (bug #998292) + [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 + [buster] - docker.io <no-dsa> (Minor issue) + NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v + NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b +CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...) + - docker.io 20.10.10+dfsg1-1 + [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 + [buster] - docker.io <no-dsa> (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558 + NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64 +CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...) + NOT-FOR-US: Grafana Agent +CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...) 
+ - docker.io 20.10.10+dfsg1-1 + [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1 + [buster] - docker.io <no-dsa> (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4 +CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...) + - elvish 0.14.0-1 + [buster] - elvish <no-dsa> (Minor issue) + NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r + NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5 +CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...) + NOT-FOR-US: in-toto Go implementation (different from src:in-toto) +CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...) + NOT-FOR-US: jsuites +CVE-2021-41085 + RESERVED +CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...) + NOT-FOR-US: Http4s +CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...) + NOT-FOR-US: Dada Mail +CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before  ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before  ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...) + {DSA-4986-1 DLA-2764-1} + - tomcat9 9.0.53-1 + - tomcat8 <removed> + NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E + NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44) + NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64) +CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...) 
+ - node-nth-check 2.0.1-1 + [bullseye] - node-nth-check <no-dsa> (Minor issue) + [buster] - node-nth-check <no-dsa> (Minor issue) + [stretch] - node-nth-check <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1) + NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/ + NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr +CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...) + {DLA-2809-1} + - udisks2 2.9.4-1 + [bullseye] - udisks2 2.9.2-2+deb11u1 + [buster] - udisks2 <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649 + NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt + NOTE: https://github.com/storaged-project/udisks/commit/38d90a433bda0fc0f2a409f6baa12c3958893571 (udisks-2.9.4) +CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...) + NOT-FOR-US: Nameko +CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...) + - node-prismjs 1.25.0+dfsg-1 + [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1 + NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9 +CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...) + NOT-FOR-US: Travis CI +CVE-2021-41076 + REJECTED +CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vu ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41074 + RESERVED +CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...) 
+ {DSA-4978-1} + - linux 5.14.6-2 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2 +CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...) + {DSA-4987-1 DLA-2789-1} + - squashfs-tools 1:4.5-3 (bug #994262) + NOTE: Prerequisites: + NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36 + NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10 + NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d + NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd + NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c + NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 +CVE-2021-41071 + REJECTED +CVE-2021-41070 + REJECTED +CVE-2021-41069 + RESERVED +CVE-2021-41068 + RESERVED +CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...) + NOT-FOR-US: Listary +CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...) + NOT-FOR-US: Listary +CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...) + NOT-FOR-US: Listary +CVE-2021-41064 + RESERVED +CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...) + NOT-FOR-US: Aanderaa GeoView Webservice +CVE-2021-41062 + RESERVED +CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...) + NOT-FOR-US: RIOT-OS +CVE-2021-41060 + RESERVED +CVE-2021-41059 + RESERVED +CVE-2021-41058 + RESERVED +CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...) 
+ NOT-FOR-US: WIBU +CVE-2021-41056 + RESERVED +CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...) + {DSA-5064-1} + - python-nbxmpp 2.0.4-1 + [buster] - python-nbxmpp <not-affected> (Vulnerable code not present) + [stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0)) + NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638 + NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f + NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version. +CVE-2021-41053 + RESERVED +CVE-2021-41052 + RESERVED +CVE-2021-41051 + RESERVED +CVE-2021-41050 + RESERVED +CVE-2021-41049 + RESERVED +CVE-2021-41048 + RESERVED +CVE-2021-41047 + RESERVED +CVE-2021-41046 + RESERVED +CVE-2021-41045 + RESERVED +CVE-2021-41044 + RESERVED +CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...) + - tcpslice <unfixed> (bug #1003190) + [bullseye] - tcpslice <no-dsa> (Minor issue) + [buster] - tcpslice <no-dsa> (Minor issue) + [stretch] - tcpslice <no-dsa> (Minor issue) + NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11 + NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5) +CVE-2021-41042 + RESERVED +CVE-2021-41041 + RESERVED +CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...) + NOT-FOR-US: Eclipse Wakaama +CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...) 
+ - mosquitto <unfixed> (bug #1001028) + [buster] - mosquitto <not-affected> (Vulnerable code introduced later) + [stretch] - mosquitto <not-affected> (Vulnerable code introduced later) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314 + NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12) +CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...) + NOT-FOR-US: Eclipse Theia +CVE-2021-41037 + RESERVED +CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...) + - paho.mqtt.c <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96 +CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) + NOT-FOR-US: Eclipse OpenJ9 +CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) + NOT-FOR-US: Eclipse Che +CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) + NOT-FOR-US: Eclipse Equinox +CVE-2021-41032 + RESERVED +CVE-2021-41031 + RESERVED +CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...) + NOT-FOR-US: FortiGuard +CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...) + NOT-FOR-US: FortiGuard +CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41026 + RESERVED +CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...) + NOT-FOR-US: FortiGuard +CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...) 
+ NOT-FOR-US: Fortiguard +CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...) + NOT-FOR-US: Fortiguard +CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...) + NOT-FOR-US: FortiGuard +CVE-2021-41020 + RESERVED +CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...) + NOT-FOR-US: Fortiguard +CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: FortiGuard +CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...) + NOT-FOR-US: FortiGuard +CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...) + NOT-FOR-US: FortiGuard +CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...) + NOT-FOR-US: FortiGuard +CVE-2021-41012 + RESERVED +CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...) + NOT-FOR-US: LINE client for iOS +CVE-2021-41010 + RESERVED +CVE-2021-41009 + RESERVED +CVE-2021-41008 + RESERVED +CVE-2021-41007 + RESERVED +CVE-2021-41006 + RESERVED +CVE-2021-41005 + RESERVED +CVE-2021-41004 + RESERVED +CVE-2021-41003 + RESERVED +CVE-2021-41002 + RESERVED +CVE-2021-41001 + RESERVED +CVE-2021-41000 + RESERVED +CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...) 
+ NOT-FOR-US: Aruba +CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...) + NOT-FOR-US: Aruba +CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...) + NOT-FOR-US: Aruba +CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-3800 + RESERVED +CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...) + - htmldoc 1.9.13-1 (unimportant) + [bullseye] - htmldoc 1.9.11-4+deb11u1 + NOTE: https://github.com/michaelrsweet/htmldoc/issues/444 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13) + NOTE: Crash in CLI tool, no security impact +CVE-2021-40984 + RESERVED +CVE-2021-40983 + RESERVED +CVE-2021-40982 + RESERVED +CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...) + NOT-FOR-US: ASUS ROG Armoury Crate Lite +CVE-2021-40980 + RESERVED +CVE-2021-40979 + RESERVED +CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...) 
+ - python-mkdocs <unfixed> (unimportant) + NOTE: https://github.com/mkdocs/mkdocs/issues/2601 +CVE-2021-40977 + RESERVED +CVE-2021-40976 + RESERVED +CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...) + NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap +CVE-2021-40974 + RESERVED +CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb <removed> (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40967 + RESERVED +CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...) + NOT-FOR-US: TinyFileManager +CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...) + NOT-FOR-US: TinyFileManager +CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...) 
+ NOT-FOR-US: TinyFileManager +CVE-2021-40963 + RESERVED +CVE-2021-40962 + RESERVED +CVE-2021-40961 + RESERVED +CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...) + NOT-FOR-US: Galera WebTemplate +CVE-2021-40959 + RESERVED +CVE-2021-40958 + RESERVED +CVE-2021-40957 + RESERVED +CVE-2021-40956 + RESERVED +CVE-2021-40955 + RESERVED +CVE-2021-40954 + RESERVED +CVE-2021-40953 + RESERVED +CVE-2021-40952 + RESERVED +CVE-2021-40951 + RESERVED +CVE-2021-40950 + RESERVED +CVE-2021-40949 + RESERVED +CVE-2021-40948 + RESERVED +CVE-2021-40947 + RESERVED +CVE-2021-40946 + RESERVED +CVE-2021-40945 + RESERVED +CVE-2021-40944 + RESERVED +CVE-2021-40943 + RESERVED +CVE-2021-40942 + RESERVED +CVE-2021-40941 + RESERVED +CVE-2021-40940 + RESERVED +CVE-2021-40939 + RESERVED +CVE-2021-40938 + RESERVED +CVE-2021-40937 + RESERVED +CVE-2021-40936 + RESERVED +CVE-2021-40935 + RESERVED +CVE-2021-40934 + RESERVED +CVE-2021-40933 + RESERVED +CVE-2021-40932 + RESERVED +CVE-2021-40931 + RESERVED +CVE-2021-40930 + RESERVED +CVE-2021-40929 + RESERVED +CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...) + NOT-FOR-US: FlexTV +CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...) + NOT-FOR-US: Spotify-for-Alfred +CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...) + - php-getid3 1.9.21+dfsg-1 (unimportant) + NOTE: https://github.com/JamesHeinrich/getID3/issues/341 + NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21) + NOTE: XSS issue in demo file +CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...) + NOT-FOR-US: infaveo-helpdesk +CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) + NOT-FOR-US: Pixeline Bugs +CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) 
+ NOT-FOR-US: Pixeline Bugs +CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) + NOT-FOR-US: Pixeline Bugs +CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...) + NOT-FOR-US: Detector +CVE-2021-40920 + RESERVED +CVE-2021-40919 + RESERVED +CVE-2021-40918 + RESERVED +CVE-2021-40917 + RESERVED +CVE-2021-40916 + RESERVED +CVE-2021-40915 + RESERVED +CVE-2021-40914 + RESERVED +CVE-2021-40913 + RESERVED +CVE-2021-40912 + RESERVED +CVE-2021-40911 + RESERVED +CVE-2021-40910 + RESERVED +CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40906 + RESERVED +CVE-2021-40905 + RESERVED +CVE-2021-40904 + RESERVED +CVE-2021-40903 + RESERVED +CVE-2021-40902 + RESERVED +CVE-2021-40901 + RESERVED +CVE-2021-40900 + RESERVED +CVE-2021-40899 + RESERVED +CVE-2021-40898 + RESERVED +CVE-2021-40897 + RESERVED +CVE-2021-40896 + RESERVED +CVE-2021-40895 + RESERVED +CVE-2021-40894 + RESERVED +CVE-2021-40893 + RESERVED +CVE-2021-40892 + RESERVED +CVE-2021-40891 + RESERVED +CVE-2021-40890 + RESERVED +CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...) + NOT-FOR-US: CMSUno +CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...) + NOT-FOR-US: Projectsend +CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...) + NOT-FOR-US: Projectsend +CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...) + NOT-FOR-US: Projectsend +CVE-2021-40885 + RESERVED +CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...) 
+ NOT-FOR-US: Projectsend +CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...) + NOT-FOR-US: emlog +CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...) + - piwigo <removed> +CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...) + NOT-FOR-US: PublicCMS +CVE-2021-40880 + RESERVED +CVE-2021-40879 + RESERVED +CVE-2021-40878 + RESERVED +CVE-2021-40877 + RESERVED +CVE-2021-40876 + RESERVED +CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 re ...) + NOT-FOR-US: Gurock TestRail +CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos] + RESERVED + [experimental] - lemonldap-ng 2.0.14~exp+ds-1 + - lemonldap-ng <unfixed> (bug #1005302) + [bullseye] - lemonldap-ng <no-dsa> (Minor issue) + [buster] - lemonldap-ng <no-dsa> (Minor issue) + [stretch] - lemonldap-ng <no-dsa> (Minor issue) + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c +CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...) + NOT-FOR-US: Aviatrix Controller +CVE-2021-40869 + RESERVED +CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...) + NOT-FOR-US: Cloudron +CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...) 
+ NOT-FOR-US: Netgear +CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...) + NOT-FOR-US: Netgear +CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...) + NOT-FOR-US: Grav CMS +CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...) + {DLA-2820-1} + - atftp 0.7.git20210915-1 (bug #994895) + [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 + [buster] - atftp 0.7.git20120829-3.2~deb10u2 + NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ +CVE-2021-3798 [Soft token does not check if an EC key is valid] + RESERVED + - opencryptoki <not-affected> (Vulnerable code introduced later) + NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 + NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) + NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 +CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...) + NOT-FOR-US: Apache Storm +CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...) + NOT-FOR-US: Hestia Control Panel +CVE-2021-3796 (vim is vulnerable to Use After Free ...) + {DLA-2876-1} + - vim 2:8.2.3455-1 (bug #994497) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/ + NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...) + NOT-FOR-US: Node semver-regex +CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...) 
+ NOT-FOR-US: vuelidate for Vue.js +CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...) + NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server +CVE-2021-40863 + RESERVED +CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...) + NOT-FOR-US: HashiCorp Terraform Enterprise +CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...) + NOT-FOR-US: Genesys +CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...) + NOT-FOR-US: Genesys +CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...) + NOT-FOR-US: Auerswald +CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...) + NOT-FOR-US: Auerswald COMpact 5500R devices +CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...) + NOT-FOR-US: Auerswald COMpact 5500R devices +CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) + NOT-FOR-US: Auerswald +CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) + NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates +CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) + NOT-FOR-US: AnyDesk +CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...) 
+ - mahara <removed> +CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...) + - mahara <removed> +CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...) + NOT-FOR-US: Netgear +CVE-2021-40846 + RESERVED +CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...) + NOT-FOR-US: Zenitel +CVE-2021-40844 + RESERVED +CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...) + NOT-FOR-US: Proofpoint +CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) + NOT-FOR-US: Proofpoint +CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...) + NOT-FOR-US: LiveConfig +CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...) + NOT-FOR-US: LiveConfig +CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...) + - python-rencode 1.0.6-2 + [bullseye] - python-rencode <no-dsa> (Minor issue) + [buster] - python-rencode <no-dsa> (Minor issue) + [stretch] - python-rencode <no-dsa> (Minor issue) + NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 + NOTE: https://github.com/aresch/rencode/pull/29 +CVE-2021-40838 + RESERVED +CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...) + NOT-FOR-US: F-Secure +CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) + NOT-FOR-US: F-Secure +CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...) + NOT-FOR-US: Safe Browser for iOS +CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...) + NOT-FOR-US: F-secure +CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) 
+ NOT-FOR-US: F-Secure +CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...) + - clementine <unfixed> (unimportant) + NOTE: https://voidsec.com/advisories/cve-2021-40827/ + NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but + NOTE: regardless just a crash in a CLI tool +CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...) + - clementine <unfixed> (unimportant) + NOTE: https://voidsec.com/advisories/cve-2021-40826/ + NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but + NOTE: regardless just a crash in a CLI tool +CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) + NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers +CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) + NOT-FOR-US: matrix-android-sdk2 +CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) 
+ - element-web <itp> (bug #866502) + - node-matrix-js-sdk <unfixed> (bug #994213) + [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue) + [buster] - node-matrix-js-sdk <no-dsa> (Minor issue) + NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/ + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1) +CVE-2021-40822 + RESERVED +CVE-2021-40821 + RESERVED +CVE-2021-40820 + RESERVED +CVE-2021-40819 + RESERVED +CVE-2021-3793 (An improper access control vulnerability was reported in some Motorola ...) + NOT-FOR-US: Binatone +CVE-2021-3792 (Some device communications in some Motorola-branded Binatone Hubble Ca ...) + NOT-FOR-US: Binatone +CVE-2021-3791 (An information disclosure vulnerability was reported in some Motorola- ...) + NOT-FOR-US: Binatone +CVE-2021-3790 (A buffer overflow was reported in the local web server of some Motorol ...) + NOT-FOR-US: Binatone +CVE-2021-3789 (An information disclosure vulnerability was reported in some Motorola- ...) + NOT-FOR-US: Binatone +CVE-2021-3788 (An exposed debug interface was reported in some Motorola-branded Binat ...) + NOT-FOR-US: Binatone +CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone Hubble ...) + NOT-FOR-US: Binatone +CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CSME co ...) + NOT-FOR-US: Lenovo +CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: yourls +CVE-2021-3784 + RESERVED +CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: yourls +CVE-2021-3782 + RESERVED +CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) 
+ {DSA-4972-1} + - ghostscript 9.53.3~dfsg-8 (bug #994011) + [buster] - ghostscript <not-affected> (Vulnerable code introduced later) + [stretch] - ghostscript <not-affected> (Vulnerable code introduced later) + NOTE: https://twitter.com/ducnt_/status/1434534373416574983 + NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20 +CVE-2021-40817 + RESERVED +CVE-2021-40816 + RESERVED +CVE-2021-40815 + RESERVED +CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...) + NOT-FOR-US: PrestaShop addon +CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...) + NOT-FOR-US: Element-IT HTTP Commander +CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...) + - libgd2 <unfixed> + [bullseye] - libgd2 <no-dsa> (Minor issue) + [buster] - libgd2 <no-dsa> (Minor issue) + [stretch] - libgd2 <no-dsa> (Minor issue) + NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385 + NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 +CVE-2021-40811 + RESERVED +CVE-2021-40810 + RESERVED +CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...) + NOT-FOR-US: Jamf Pro +CVE-2021-40808 + RESERVED +CVE-2021-40807 + RESERVED +CVE-2021-40806 + RESERVED +CVE-2021-40805 + RESERVED +CVE-2021-40804 + RESERVED +CVE-2021-40803 + RESERVED +CVE-2021-40802 + RESERVED +CVE-2021-40801 + RESERVED +CVE-2021-40800 + RESERVED +CVE-2021-40799 + RESERVED +CVE-2021-40798 + RESERVED +CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...) 
+ - neutron 2:19.0.0-1 (unimportant; bug #994202) + [bullseye] - neutron 2:17.2.1-0+deb11u1 + [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 + NOTE: https://launchpad.net/bugs/1942179 + NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202 + NOTE: and so serves the requests and stops the process. +CVE-2021-40796 + RESERVED +CVE-2021-40795 + RESERVED +CVE-2021-40794 + RESERVED +CVE-2021-40793 + RESERVED +CVE-2021-40792 + RESERVED +CVE-2021-40791 + RESERVED +CVE-2021-40790 + RESERVED +CVE-2021-40789 + RESERVED +CVE-2021-40788 + RESERVED +CVE-2021-40787 + RESERVED +CVE-2021-40786 + RESERVED +CVE-2021-40785 + RESERVED +CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40782 + RESERVED +CVE-2021-40781 + RESERVED +CVE-2021-40780 + RESERVED +CVE-2021-40779 + RESERVED +CVE-2021-40778 + RESERVED +CVE-2021-40777 + RESERVED +CVE-2021-40776 + RESERVED +CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40769 + RESERVED +CVE-2021-40768 + RESERVED +CVE-2021-40767 + RESERVED +CVE-2021-40766 + RESERVED +CVE-2021-40765 + RESERVED +CVE-2021-40764 + RESERVED +CVE-2021-40763 + RESERVED +CVE-2021-40762 + RESERVED +CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + NOT-FOR-US: Adobe +CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + NOT-FOR-US: Adobe +CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40750 + RESERVED +CVE-2021-40749 + RESERVED +CVE-2021-40748 + RESERVED +CVE-2021-40747 + RESERVED +CVE-2021-40746 + RESERVED +CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40744 + RESERVED +CVE-2021-40743 + RESERVED +CVE-2021-40742 + RESERVED +CVE-2021-40741 + RESERVED +CVE-2021-40740 + RESERVED +CVE-2021-40739 + RESERVED +CVE-2021-40738 + RESERVED +CVE-2021-40737 + RESERVED +CVE-2021-40736 + RESERVED +CVE-2021-40735 + RESERVED +CVE-2021-40734 + RESERVED +CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + NOT-FOR-US: Adobe +CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40727 + RESERVED +CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...) + NOT-FOR-US: Adobe +CVE-2021-40723 + RESERVED +CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...) + NOT-FOR-US: Adobe +CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...) + NOT-FOR-US: Adobe +CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) + NOT-FOR-US: Adobe +CVE-2021-40719 (Adobe Connect version 11.2.3 (and earlier) is affected by a Deserializ ...) + NOT-FOR-US: Adobe +CVE-2021-40718 + RESERVED +CVE-2021-40717 + RESERVED +CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...) + NOT-FOR-US: Adobe +CVE-2021-40707 + RESERVED +CVE-2021-40706 + RESERVED +CVE-2021-40705 + RESERVED +CVE-2021-40704 + RESERVED +CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40699 + RESERVED +CVE-2021-40698 + RESERVED +CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-40696 + REJECTED +CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) + - moodle <removed> +CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) + - moodle <removed> +CVE-2021-40693 (An authentication bypass risk was identified in the external database ...) 
+ - moodle <removed> +CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...) + - moodle <removed> +CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...) + - moodle <removed> +CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) + {DSA-5010-1 DLA-2767-1} + - libxml-security-java 2.1.7-1 (bug #994569) + NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc +CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) + - peertube <itp> (bug #950821) +CVE-2021-40689 + RESERVED +CVE-2021-40688 + RESERVED +CVE-2021-40687 + RESERVED +CVE-2021-40686 + RESERVED +CVE-2021-40685 + RESERVED +CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...) + NOT-FOR-US: Talend ESB Runtime +CVE-2021-XXXX [jwe cbc tag computation error] + - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy 0.9.13-3+deb11u1 + NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0) +CVE-2021-XXXX [jws alg:none signature verification issue] + - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy 0.9.13-3+deb11u1 + NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0) +CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) + - glewlwyd 2.5.2-3 (bug #993867) + [bullseye] - glewlwyd 2.5.2-2+deb11u1 + [buster] - glewlwyd <not-affected> (Vulnerable code for FIDO2 signature validation introduced later) + NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2 +CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...) + NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client +CVE-2021-40682 + RESERVED +CVE-2021-3779 + RESERVED +CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...) 
+ {DLA-2876-1} + - vim 2:8.2.3455-1 (bug #994498) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 + NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...) + NOT-FOR-US: nodejs-tmpl +CVE-2021-40681 + RESERVED +CVE-2021-40680 + RESERVED +CVE-2021-40679 + RESERVED +CVE-2021-40678 + RESERVED +CVE-2021-40677 + RESERVED +CVE-2021-40676 + RESERVED +CVE-2021-40675 + RESERVED +CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40673 + RESERVED +CVE-2021-40672 + RESERVED +CVE-2021-40671 + RESERVED +CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40668 + RESERVED +CVE-2021-40667 + RESERVED +CVE-2021-40666 + RESERVED +CVE-2021-40665 + RESERVED +CVE-2021-40664 + RESERVED +CVE-2021-40663 + RESERVED +CVE-2021-40662 + RESERVED +CVE-2021-40661 + RESERVED +CVE-2021-40660 + RESERVED +CVE-2021-40659 + RESERVED +CVE-2021-40658 + RESERVED +CVE-2021-40657 + RESERVED +CVE-2021-40656 + RESERVED +CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...) + NOT-FOR-US: D-Link +CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...) + NOT-FOR-US: D-Link +CVE-2021-40653 + RESERVED +CVE-2021-40652 + RESERVED +CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...) 
+ NOT-FOR-US: OS4Ed OpenSIS Community +CVE-2021-40650 + RESERVED +CVE-2021-40649 + RESERVED +CVE-2021-40648 + RESERVED +CVE-2021-40647 + RESERVED +CVE-2021-40646 + RESERVED +CVE-2021-40645 + RESERVED +CVE-2021-40644 + RESERVED +CVE-2021-40643 + RESERVED +CVE-2021-40642 + RESERVED +CVE-2021-40641 + RESERVED +CVE-2021-40640 + RESERVED +CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...) + NOT-FOR-US: Jfinal CMS +CVE-2021-40638 + RESERVED +CVE-2021-40637 + RESERVED +CVE-2021-40636 + RESERVED +CVE-2021-40635 + RESERVED +CVE-2021-40634 + RESERVED +CVE-2021-40633 + RESERVED +CVE-2021-40632 + RESERVED +CVE-2021-40631 + RESERVED +CVE-2021-40630 + RESERVED +CVE-2021-40629 + RESERVED +CVE-2021-40628 + RESERVED +CVE-2021-40627 + RESERVED +CVE-2021-40626 + RESERVED +CVE-2021-40625 + RESERVED +CVE-2021-40624 + RESERVED +CVE-2021-40623 + RESERVED +CVE-2021-40622 + RESERVED +CVE-2021-40621 + RESERVED +CVE-2021-40620 + RESERVED +CVE-2021-40619 + RESERVED +CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...) + NOT-FOR-US: openSIS +CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...) + NOT-FOR-US: openSIS +CVE-2021-40616 + RESERVED +CVE-2021-40615 + RESERVED +CVE-2021-40614 + RESERVED +CVE-2021-40613 + RESERVED +CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...) + NOT-FOR-US: Opmantek Open-AudIT +CVE-2021-40611 + RESERVED +CVE-2021-40610 + RESERVED +CVE-2021-40609 + RESERVED +CVE-2021-40608 + RESERVED +CVE-2021-40607 + RESERVED +CVE-2021-40606 + RESERVED +CVE-2021-40605 + RESERVED +CVE-2021-40604 + RESERVED +CVE-2021-40603 + RESERVED +CVE-2021-40602 + RESERVED +CVE-2021-40601 + RESERVED +CVE-2021-40600 + RESERVED +CVE-2021-40599 + RESERVED +CVE-2021-40598 + RESERVED +CVE-2021-40597 + RESERVED +CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40594 + RESERVED +CVE-2021-40593 + RESERVED +CVE-2021-40592 + RESERVED +CVE-2021-40591 + RESERVED +CVE-2021-40590 + RESERVED +CVE-2021-40589 + RESERVED +CVE-2021-40588 + RESERVED +CVE-2021-40587 + RESERVED +CVE-2021-40586 + RESERVED +CVE-2021-40585 + RESERVED +CVE-2021-40584 + RESERVED +CVE-2021-40583 + RESERVED +CVE-2021-40582 + RESERVED +CVE-2021-40581 + RESERVED +CVE-2021-40580 + RESERVED +CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...) + NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code +CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was ...) + NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code +CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1904 + NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec +CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1905 + NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 +CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1897 + NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb +CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1891 + NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a +CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1893 + NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 +CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1895 + NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 +CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1899 + NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 +CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1890 + NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a +CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1900 + NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 +CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1889 + NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 +CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1887 + NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 +CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...) 
+ - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1902 + NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b +CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1898 + NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 +CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1892 + NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 +CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1901 + NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3 +CVE-2021-40561 + RESERVED +CVE-2021-40560 + RESERVED +CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1886 + NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 +CVE-2021-40558 + RESERVED +CVE-2021-40557 + RESERVED +CVE-2021-40556 + RESERVED +CVE-2021-40555 + RESERVED +CVE-2021-40554 + RESERVED +CVE-2021-40553 + RESERVED +CVE-2021-40552 + RESERVED +CVE-2021-40551 + RESERVED +CVE-2021-40550 + RESERVED +CVE-2021-40549 + RESERVED +CVE-2021-40548 + RESERVED +CVE-2021-40547 + RESERVED +CVE-2021-40546 + RESERVED +CVE-2021-40545 + RESERVED +CVE-2021-40544 + RESERVED +CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...) + NOT-FOR-US: openSIS +CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...) + NOT-FOR-US: openSIS +CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...) + - ulfius 2.7.1-2 (bug #993851) + [bullseye] - ulfius 2.7.1-1+deb11u1 + [buster] - ulfius 2.5.2-4+deb10u1 + NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa +CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40538 + RESERVED +CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...) + - owncloud <removed> +CVE-2021-40536 + RESERVED +CVE-2021-40535 + RESERVED +CVE-2021-40534 + RESERVED +CVE-2021-40533 + RESERVED +CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...) + NOT-FOR-US: tweb + NOTE: https://github.com/morethanwords/tweb +CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...) + NOT-FOR-US: Sketch collaborative design (Mac or Web app) + NOTE: sketch.com, not the sketch package in Debian. +CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...) + - libcrypto++ 8.6.0-1 (bug #993841) + [bullseye] - libcrypto++ <no-dsa> (Minor issue) + [buster] - libcrypto++ <no-dsa> (Minor issue) + [stretch] - libcrypto++ <no-dsa> (Minor issue) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://github.com/weidai11/cryptopp/issues/1059 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 + NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0) +CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...) 
+ - botan 2.18.1+dfsg-3 (bug #993840) + [bullseye] - botan <no-dsa> (Minor issue) + [buster] - botan <no-dsa> (Minor issue) + - botan1.10 <removed> + [stretch] - botan1.10 <ignored> (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://github.com/randombit/botan/pull/2790 + NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 +CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...) + - libgcrypt20 1.9.4-2 + [bullseye] - libgcrypt20 <no-dsa> (Minor issue) + [buster] - libgcrypt20 <no-dsa> (Minor issue) + [stretch] - libgcrypt20 <no-dsa> (Minor issue) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x) + NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and + NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding + NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on + NOTE: a query). +CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) + NOT-FOR-US: "com.onepeloton.erlich" mobile application +CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) + NOT-FOR-US: Peleton +CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...) 
+ NOT-FOR-US: Apache James +CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: ShowDoc +CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: ShowDoc +CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...) + NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch +CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 + NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html + TODO: fill in tracking details +CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations] + RESERVED + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694 +CVE-2021-3771 + RESERVED +CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...) + - pure-ftpd 1.0.50-1 (bug #993810) + [bullseye] - pure-ftpd <no-dsa> (Minor issue) + [buster] - pure-ftpd <no-dsa> (Minor issue) + [stretch] - pure-ftpd <no-dsa> (Minor issue) + NOTE: https://github.com/jedisct1/pure-ftpd/pull/158 +CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...) + NOT-FOR-US: Contiki +CVE-2021-40522 + RESERVED +CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...) + NOT-FOR-US: Airangel +CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...) + NOT-FOR-US: Airangel +CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...) + NOT-FOR-US: Airangel +CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...) + NOT-FOR-US: Airangel +CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...) 
+ NOT-FOR-US: Airangel +CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...) + {DLA-2770-1} + - weechat 3.2.1-1 (bug #993803) + [bullseye] - weechat <no-dsa> (Minor issue; can be fixed via point release) + [buster] - weechat <no-dsa> (Minor issue; can be fixed via point release) + NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b +CVE-2021-40515 + RESERVED +CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...) + - vim 2:8.2.3455-1 (bug #994076) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <not-affected> (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/ + NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402) + NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...) + NOT-FOR-US: ohmyzsh +CVE-2021-40514 + RESERVED +CVE-2021-40513 + RESERVED +CVE-2021-40512 + RESERVED +CVE-2021-40511 + RESERVED +CVE-2021-40510 + RESERVED +CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...) + NOT-FOR-US: JForum2 +CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: bookstack +CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: bookstack +CVE-2021-40508 + RESERVED +CVE-2021-40507 + RESERVED +CVE-2021-40506 + RESERVED +CVE-2021-40505 + RESERVED +CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...) + NOT-FOR-US: Node objection.js +CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...) 
+ - validator.js <removed> + [stretch] - validator.js <postponed> (Minor issue, ReDOS, partial fix, no rdeps) + NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0) + NOTE: partial fix, only applies to chars==null +CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...) + NOT-FOR-US: SAP +CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...) + NOT-FOR-US: SAP +CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...) + NOT-FOR-US: SAP +CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...) + NOT-FOR-US: SAP +CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...) + NOT-FOR-US: SAP +CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...) + NOT-FOR-US: SAP +CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...) + NOT-FOR-US: SAP +CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...) + NOT-FOR-US: SAP +CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...) + NOT-FOR-US: SAP +CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...) + NOT-FOR-US: SAP +CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...) + NOT-FOR-US: AdaptiveScale LXDUI +CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...) + NOT-FOR-US: Gibbon application +CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-40459 + RESERVED +CVE-2021-40458 + RESERVED +CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-40451 + RESERVED +CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...) + NOT-FOR-US: Microsoft +CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40446 + RESERVED +CVE-2021-40445 + RESERVED +CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function] + RESERVED + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467 + NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) +CVE-2021-3763 + RESERVED + NOT-FOR-US: Red Hat AMQ Broker +CVE-2021-3762 + RESERVED + NOT-FOR-US: Quay/clair +CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...) 
+ {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438 + NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x) + NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x) + NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x) + NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x) +CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...) + - inetutils 2:2.2-1 (bug #993476) + [bullseye] - inetutils <no-dsa> (Minor issue) + [buster] - inetutils <no-dsa> (Minor issue) + [stretch] - inetutils <no-dsa> (Minor issue) + NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html + NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd +CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/ +CVE-2021-40437 + RESERVED +CVE-2021-40436 + RESERVED +CVE-2021-40435 + RESERVED +CVE-2021-40434 + RESERVED +CVE-2021-40433 + RESERVED +CVE-2021-40432 + RESERVED +CVE-2021-40431 + RESERVED +CVE-2021-40430 + RESERVED +CVE-2021-40429 + RESERVED +CVE-2021-40428 + RESERVED +CVE-2021-40427 + RESERVED +CVE-2021-40426 + RESERVED +CVE-2021-40425 + RESERVED +CVE-2021-40424 + RESERVED +CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...) + NOT-FOR-US: Reolink +CVE-2021-40422 + RESERVED +CVE-2021-40421 + RESERVED +CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) 
+ NOT-FOR-US: Foxit +CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...) + NOT-FOR-US: Reolink +CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...) + NOT-FOR-US: DaVinci Resolve +CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...) + NOT-FOR-US: DaVinci Resolve +CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...) + NOT-FOR-US: Reolink +CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...) + NOT-FOR-US: Reolink +CVE-2021-40405 + RESERVED +CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...) + NOT-FOR-US: Reolink +CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...) 
+ - gerbv <unfixed> + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417 + NOTE: https://github.com/gerbv/gerbv/issues/82 + NOTE: Proposed patch: https://github.com/gerbv/gerbv/commit/387f07b163cc30cd95e9bedf53bc07e7b38cc318 +CVE-2021-40402 + RESERVED + - gerbv <unfixed> + NOTE: https://github.com/gerbv/gerbv/issues/80 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416 +CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...) + - gerbv <unfixed> + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415 + NOTE: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 + NOTE: https://github.com/gerbv/gerbv/issues/81 +CVE-2021-40400 + RESERVED + - gerbv <unfixed> + NOTE: https://github.com/gerbv/gerbv/issues/79 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413 +CVE-2021-40399 + RESERVED +CVE-2021-40398 + RESERVED +CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40395 + REJECTED +CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...) + - gerbv 2.8.1-1 + [bullseye] - gerbv <no-dsa> (Minor issue) + [buster] - gerbv <no-dsa> (Minor issue) + [stretch] - gerbv <no-dsa> (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405 + NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28 + NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1) +CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...) 
+ - gerbv 2.8.2-1 + [bullseye] - gerbv <no-dsa> (Minor issue) + [buster] - gerbv <no-dsa> (Minor issue) + [stretch] - gerbv <no-dsa> (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404 + NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf + NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1) +CVE-2021-40392 + RESERVED +CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...) + {DLA-2839-1} + - gerbv 2.7.1-1 + [bullseye] - gerbv 2.7.0-2+deb11u1 + [buster] - gerbv <no-dsa> (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402 + NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e + NOTE: https://github.com/gerbv/gerbv/issues/30 +CVE-2021-40390 + RESERVED +CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...) + NOT-FOR-US: Advantech +CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) + NOT-FOR-US: Kaseya Unitrends Backup Software +CVE-2021-40386 + RESERVED +CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) + NOT-FOR-US: Kaseya Unitrends Backup Software +CVE-2021-40384 + RESERVED +CVE-2021-40383 + RESERVED +CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) 
+ NOT-FOR-US: Compro devices +CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...) + NOT-FOR-US: SmarterTools +CVE-2021-40376 + RESERVED +CVE-2021-40375 + RESERVED +CVE-2021-40374 + RESERVED +CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...) + NOT-FOR-US: playSMS +CVE-2021-40372 + RESERVED +CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...) + NOT-FOR-US: Gridpro Request Management for Windows Azure Pack +CVE-2021-40370 + RESERVED +CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...) + - jspwiki <removed> +CVE-2021-40368 + RESERVED +CVE-2021-40367 + RESERVED +CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM module) (A ...) + NOT-FOR-US: Siemens +CVE-2021-40365 + RESERVED +CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-40362 + RESERVED +CVE-2021-40361 + RESERVED +CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) + NOT-FOR-US: Siemens +CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) 
+ NOT-FOR-US: Siemens +CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) + {DSA-5041-1} + - cfrpki 1.3.0-1 (bug #994572) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 + NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 +CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...) + {DLA-2843-1} + - linux 5.14.16-1 (unimportant) + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2 + NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6) + NOTE: CONFIG_NFC_NCI is not set in Debian +CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...) + NOT-FOR-US: OpenEMR +CVE-2021-40351 + RESERVED +CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...) + NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices +CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...) + NOT-FOR-US: e7d Speed Test +CVE-2021-40348 (Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code inj ...) + NOT-FOR-US: Uyuni / Spacewalk (Red Hat) +CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...) + {DSA-4970-1} + - postorius 1.3.5-1 (bug #993746) + NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b + NOTE: https://phabricator.wikimedia.org/T289798 +CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...) 
+ {DSA-4968-1} + - haproxy 2.2.16-3 + [buster] - haproxy <not-affected> (Vulnerable code not present) + [stretch] - haproxy <not-affected> (Vulnerable code not present) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 +CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...) + NOT-FOR-US: Nagios XI +CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...) + NOT-FOR-US: Nagios XI +CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...) + NOT-FOR-US: Nagios XI +CVE-2021-40342 + RESERVED +CVE-2021-40341 + RESERVED +CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...) + NOT-FOR-US: Hitachi +CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...) + NOT-FOR-US: Hitachi +CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...) + NOT-FOR-US: Hitachi +CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...) + NOT-FOR-US: Hitachi +CVE-2021-40336 + RESERVED +CVE-2021-40335 + RESERVED +CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...) + NOT-FOR-US: Hitachi +CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...) + NOT-FOR-US: Hitachi +CVE-2021-40332 + RESERVED +CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks] + RESERVED + - linux 5.15.3-1 + NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/ +CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...) + NOT-FOR-US: bookstack +CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...) 
+ NOT-FOR-US: Node immer + NOTE: https://github.com/immerjs/immer +CVE-2021-40331 + RESERVED +CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...) + - libmysofa 1.2.1~dfsg0-1 + [bullseye] - libmysofa <no-dsa> (Minor issue) + [buster] - libmysofa <no-dsa> (Minor issue) + NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/ + NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1) +CVE-2021-3755 + REJECTED +CVE-2021-3754 + RESERVED +CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 +CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel’s Bluetooth ...) + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4 +CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...) + - git 1:2.30.1-1 + [bullseye] - git <no-dsa> (Minor issue) + [buster] - git <no-dsa> (Minor issue) + [stretch] - git <no-dsa> (Minor issue) + NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 +CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...) + NOT-FOR-US: Ping Identity PingFederate +CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...) + - libmobi <not-affected> (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7) +CVE-2021-40328 + RESERVED +CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...) 
+ NOT-FOR-US: Trusted Firmware-M (TF-M) +CVE-2021-40326 + RESERVED +CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...) + - cobbler <removed> +CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...) + - cobbler <removed> +CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...) + - cobbler <removed> +CVE-2021-40322 + RESERVED +CVE-2021-40321 + RESERVED +CVE-2021-40320 + RESERVED +CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free] + RESERVED + - qemu <unfixed> + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <postponed> (Fix along with a future DLA) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541 + NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556 + NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html + NOTE: No upstream patch as of 2022-01-28 +CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...) + - node-axios 0.21.3+dfsg-1 + [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1 + [buster] - node-axios 0.17.1+dfsg-2+deb10u1 + NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ + NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 + NOTE: https://github.com/axios/axios/pull/3980 +CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu] + RESERVED + {DSA-4980-1} + - qemu 1:6.1+dfsg-6 (bug #993401) + [stretch] - qemu <postponed> (Fix along with a future DLA) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514 +CVE-2021-40319 + RESERVED +CVE-2021-40318 + RESERVED +CVE-2021-40317 + RESERVED +CVE-2021-40316 + RESERVED +CVE-2021-40315 + RESERVED +CVE-2021-40314 + RESERVED +CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...) 
+ - piwigo <removed> +CVE-2021-40312 + RESERVED +CVE-2021-40311 + RESERVED +CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...) + NOT-FOR-US: OpenSIS +CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...) + NOT-FOR-US: OpenSIS +CVE-2021-40308 + RESERVED +CVE-2021-40307 + RESERVED +CVE-2021-40306 + RESERVED +CVE-2021-40305 + RESERVED +CVE-2021-40304 + RESERVED +CVE-2021-40303 + RESERVED +CVE-2021-40302 + RESERVED +CVE-2021-40301 + RESERVED +CVE-2021-40300 + RESERVED +CVE-2021-40299 + RESERVED +CVE-2021-40298 + RESERVED +CVE-2021-40297 + RESERVED +CVE-2021-40296 + RESERVED +CVE-2021-40295 + RESERVED +CVE-2021-40294 + RESERVED +CVE-2021-40293 + RESERVED +CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...) + NOT-FOR-US: DzzOffice +CVE-2021-40291 + RESERVED +CVE-2021-40290 + RESERVED +CVE-2021-40289 + RESERVED +CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + NOT-FOR-US: TP-Link +CVE-2021-40287 + RESERVED +CVE-2021-40286 + RESERVED +CVE-2021-40285 + RESERVED +CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...) + NOT-FOR-US: D-Link +CVE-2021-40283 + RESERVED +CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...) + NOT-FOR-US: zzcms +CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...) + NOT-FOR-US: zzcms +CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...) + NOT-FOR-US: zzcms +CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...) 
+ NOT-FOR-US: zzcms +CVE-2021-40278 + RESERVED +CVE-2021-40277 + RESERVED +CVE-2021-40276 + RESERVED +CVE-2021-40275 + RESERVED +CVE-2021-40274 + RESERVED +CVE-2021-40273 + RESERVED +CVE-2021-40272 + RESERVED +CVE-2021-40271 + RESERVED +CVE-2021-40270 + RESERVED +CVE-2021-40269 + RESERVED +CVE-2021-40268 + RESERVED +CVE-2021-40267 + RESERVED +CVE-2021-40266 + RESERVED +CVE-2021-40265 + RESERVED +CVE-2021-40264 + RESERVED +CVE-2021-40263 + RESERVED +CVE-2021-40262 + RESERVED +CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) + NOT-FOR-US: SourceCodester +CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) + NOT-FOR-US: SourceCodester +CVE-2021-40259 + RESERVED +CVE-2021-40258 + RESERVED +CVE-2021-40257 + RESERVED +CVE-2021-40256 + RESERVED +CVE-2021-40255 + RESERVED +CVE-2021-40254 + RESERVED +CVE-2021-40253 + RESERVED +CVE-2021-40252 + RESERVED +CVE-2021-40251 + RESERVED +CVE-2021-40250 + RESERVED +CVE-2021-40249 + RESERVED +CVE-2021-40248 + RESERVED +CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40246 + RESERVED +CVE-2021-40245 + RESERVED +CVE-2021-40244 + RESERVED +CVE-2021-40243 + RESERVED +CVE-2021-40242 + RESERVED +CVE-2021-40241 + RESERVED +CVE-2021-40240 + RESERVED +CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...) + NOT-FOR-US: Miniftpd +CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...) 
+ NOT-FOR-US: Webuzo +CVE-2021-40237 + RESERVED +CVE-2021-40236 + RESERVED +CVE-2021-40235 + RESERVED +CVE-2021-40234 + RESERVED +CVE-2021-40233 + RESERVED +CVE-2021-40232 + RESERVED +CVE-2021-40231 + RESERVED +CVE-2021-40230 + RESERVED +CVE-2021-40229 + RESERVED +CVE-2021-40228 + RESERVED +CVE-2021-40227 + RESERVED +CVE-2021-40226 + RESERVED +CVE-2021-40225 + RESERVED +CVE-2021-40224 + RESERVED +CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...) + NOT-FOR-US: Rittal CMC PU III Web management +CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...) + NOT-FOR-US: Rittal CMC PU III Web management +CVE-2021-40221 + RESERVED +CVE-2021-40220 + RESERVED +CVE-2021-40219 + RESERVED +CVE-2021-40218 + RESERVED +CVE-2021-40217 + RESERVED +CVE-2021-40216 + RESERVED +CVE-2021-40215 + RESERVED +CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...) + NOT-FOR-US: Gibbon +CVE-2021-40213 + RESERVED +CVE-2021-40212 + RESERVED +CVE-2021-40211 + RESERVED +CVE-2021-40210 + RESERVED +CVE-2021-40209 + RESERVED +CVE-2021-40208 + RESERVED +CVE-2021-40207 + RESERVED +CVE-2021-40206 + RESERVED +CVE-2021-40205 + RESERVED +CVE-2021-40204 + RESERVED +CVE-2021-40203 + RESERVED +CVE-2021-40202 + RESERVED +CVE-2021-40201 + RESERVED +CVE-2021-40200 + RESERVED +CVE-2021-40199 + RESERVED +CVE-2021-40198 + RESERVED +CVE-2021-40197 + RESERVED +CVE-2021-40196 + RESERVED +CVE-2021-40195 + RESERVED +CVE-2021-40194 + RESERVED +CVE-2021-40193 + RESERVED +CVE-2021-40192 + RESERVED +CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...) + NOT-FOR-US: Dzzoffice +CVE-2021-40190 + RESERVED +CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...) + NOT-FOR-US: PHP-Fusion +CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2021-40187 + RESERVED +CVE-2021-40186 + RESERVED +CVE-2021-40185 + RESERVED +CVE-2021-40184 + RESERVED +CVE-2021-40183 + RESERVED +CVE-2021-40182 + RESERVED +CVE-2021-40181 + RESERVED +CVE-2021-40180 + RESERVED +CVE-2021-40179 + RESERVED +CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS. ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...) + NOT-FOR-US: SecuritasHome home alarm system +CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...) + NOT-FOR-US: SecuritasHome home alarm system +CVE-2021-40169 + RESERVED +CVE-2021-40168 + RESERVED +CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...) + NOT-FOR-US: Autodesk +CVE-2021-40166 + RESERVED +CVE-2021-40165 + RESERVED +CVE-2021-40164 + RESERVED +CVE-2021-40163 + RESERVED +CVE-2021-40162 + RESERVED +CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...) + NOT-FOR-US: Autodesk +CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...) 
+ NOT-FOR-US: Autodesk +CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...) + NOT-FOR-US: Autodesk +CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...) + NOT-FOR-US: Autodesk +CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...) + NOT-FOR-US: Autodesk +CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) + NOT-FOR-US: Autodesk +CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) + NOT-FOR-US: Autodesk +CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...) + NOT-FOR-US: Multipass +CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...) + NOT-FOR-US: NXP LPC55S69 devices +CVE-2021-40152 + RESERVED +CVE-2021-40151 + RESERVED +CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...) + - libtpms 0.9.1-1 + NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6) + NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6) + NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5) + NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5) + NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0) + NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0) +CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...) 
+ NOT-FOR-US: flatcore-cms +CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()] + RESERVED + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627 + NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) +CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...) + {DSA-4967-1 DLA-2752-1} + [experimental] - squashfs-tools 1:4.5-1 + - squashfs-tools 1:4.5-2 + NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790 + NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5) + NOTE: https://github.com/plougher/squashfs-tools/issues/72 +CVE-2021-40150 + RESERVED +CVE-2021-40149 + RESERVED +CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-3743 + RESERVED + {DSA-4978-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://lists.openwall.net/netdev/2021/08/17/124 + NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117 +CVE-2021-3742 + RESERVED +CVE-2021-3741 + RESERVED +CVE-2021-3740 + RESERVED +CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...) + NOT-FOR-US: EmTec ZOC +CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...) 
+ NOT-FOR-US: Apache Any23 +CVE-2021-3738 [crash in dsdb stack] + RESERVED + {DSA-5003-1} + - samba 2:4.13.14+dfsg-1 + [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468 + NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html +CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server] + RESERVED + {DLA-2808-1} + [experimental] - python3.9 3.9.6-1 + - python3.9 3.9.7-1 + [bullseye] - python3.9 <no-dsa> (Minor issue) + - python3.7 <removed> + [buster] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + - python3.4 <removed> + NOTE: https://bugs.python.org/issue44022 + NOTE: https://github.com/python/cpython/pull/25916 + NOTE: https://github.com/python/cpython/pull/26503 + NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2) + NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6) + NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11) + NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11) + NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14) + NOTE: Needs the "Improve the regression test" followup: + NOTE: https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3) + NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6) + NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch) + NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11) + NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14 +CVE-2021-3736 [uninitialized kernel stack may lead to information disclosure] + RESERVED + - linux 5.14.6-1 (unimportant) + [bullseye] - 
linux <not-affected> (Vulnerable code not present) + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570 +CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...) + - libgd2 <unfixed> + [bullseye] - libgd2 <no-dsa> (Minor issue) + [buster] - libgd2 <no-dsa> (Minor issue) + [stretch] - libgd2 <no-dsa> (Minor issue) + NOTE: https://github.com/libgd/libgd/issues/700 + NOTE: https://github.com/libgd/libgd/pull/713 + NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af +CVE-2021-40144 + RESERVED +CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...) + NOT-FOR-US: Sonatype +CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...) + NOT-FOR-US: OPC Foundation Local Discovery Server (LDS) +CVE-2021-40141 + RESERVED +CVE-2021-40140 + RESERVED +CVE-2021-40139 + RESERVED +CVE-2021-40138 + RESERVED +CVE-2021-40137 + RESERVED +CVE-2021-40136 + RESERVED +CVE-2021-40135 + RESERVED +CVE-2021-40134 + RESERVED +CVE-2021-40133 + RESERVED +CVE-2021-40132 + RESERVED +CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...) + NOT-FOR-US: Cisco +CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...) + NOT-FOR-US: Cisco +CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...) + NOT-FOR-US: Cisco +CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...) + NOT-FOR-US: Cisco +CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...) 
+ NOT-FOR-US: Cisco +CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...) + NOT-FOR-US: Cisco +CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...) + NOT-FOR-US: Cisco +CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...) + NOT-FOR-US: Cisco +CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...) + NOT-FOR-US: Cisco +CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...) + NOT-FOR-US: Cisco +CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...) + NOT-FOR-US: Cisco +CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...) + NOT-FOR-US: Cisco +CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...) + NOT-FOR-US: Cisco +CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...) + NOT-FOR-US: Cisco +CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...) + NOT-FOR-US: Apache James +CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...) + NOT-FOR-US: Apache James +CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...) 
+ NOT-FOR-US: Concrete CMS +CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40107 + RESERVED +CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...) + NOT-FOR-US: Concrete CMS +CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...) + NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...) + NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...) + NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...) + NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...) 
+ NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. ...) + NOT-FOR-US: SquaredUp for SCOM +CVE-2021-40090 + RESERVED +CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...) + NOT-FOR-US: PrimeKey +CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...) + NOT-FOR-US: PrimeKey +CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...) + NOT-FOR-US: PrimeKey +CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...) + NOT-FOR-US: PrimeKey +CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...) + {DSA-4983-1 DLA-2781-1} + - neutron 2:18.1.0-3 (bug #993398) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2 + NOTE: https://launchpad.net/bugs/1939733 +CVE-2021-40082 + RESERVED +CVE-2021-40081 + RESERVED +CVE-2021-3739 + RESERVED + {DSA-4978-1} + - linux 5.14.6-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3 +CVE-2021-3735 [ahci: deadlock issue leads to denial of service] + RESERVED + - qemu <unfixed> + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <postponed> (Fix along with a future DLA) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184 + NOTE: No upstream patch as of 2022-01-28 +CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...) 
+ [experimental] - knot-resolver 5.4.1-1 + - knot-resolver 5.4.1-2 (bug #991463) + [bullseye] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release) + [buster] - knot-resolver <not-affected> (Vulnerable code introduced later) + NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169 + NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1) +CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...) + NOT-FOR-US: yourls +CVE-2021-40080 + RESERVED +CVE-2021-40079 + RESERVED +CVE-2021-40078 + RESERVED +CVE-2021-40077 + RESERVED +CVE-2021-40076 + RESERVED +CVE-2021-40075 + RESERVED +CVE-2021-40074 + RESERVED +CVE-2021-40073 + RESERVED +CVE-2021-40072 + RESERVED +CVE-2021-40071 + RESERVED +CVE-2021-40070 + RESERVED +CVE-2021-40069 + RESERVED +CVE-2021-40068 + RESERVED +CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...) + NOT-FOR-US: Mobility +CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...) + NOT-FOR-US: Mobility +CVE-2021-40065 + RESERVED +CVE-2021-40064 + RESERVED +CVE-2021-40063 + RESERVED +CVE-2021-40062 + RESERVED +CVE-2021-40061 + RESERVED +CVE-2021-40060 + RESERVED +CVE-2021-40059 + RESERVED +CVE-2021-40058 + RESERVED +CVE-2021-40057 + RESERVED +CVE-2021-40056 + RESERVED +CVE-2021-40055 + RESERVED +CVE-2021-40054 + RESERVED +CVE-2021-40053 + RESERVED +CVE-2021-40052 + RESERVED +CVE-2021-40051 + RESERVED +CVE-2021-40050 + RESERVED +CVE-2021-40049 + RESERVED +CVE-2021-40048 + RESERVED +CVE-2021-40047 + RESERVED +CVE-2021-40046 + RESERVED +CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...) + NOT-FOR-US: Huawei +CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...) 
+ NOT-FOR-US: Huawei +CVE-2021-40043 + RESERVED +CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...) + NOT-FOR-US: Huawei +CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...) + NOT-FOR-US: Huawei +CVE-2021-40040 + RESERVED +CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...) + NOT-FOR-US: Huawei +CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...) + NOT-FOR-US: Huawei +CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...) + NOT-FOR-US: Huawei +CVE-2021-40036 + RESERVED +CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...) + NOT-FOR-US: Huawei +CVE-2021-40034 + RESERVED +CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...) + NOT-FOR-US: Huawei +CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...) + NOT-FOR-US: Huawei +CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...) + NOT-FOR-US: Huawei +CVE-2021-40030 + RESERVED +CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...) + NOT-FOR-US: Huawei +CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...) + NOT-FOR-US: Huawei +CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...) + NOT-FOR-US: Huawei +CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...) + NOT-FOR-US: Huawei +CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...) + NOT-FOR-US: Huawei +CVE-2021-40024 + RESERVED +CVE-2021-40023 + RESERVED +CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...) 
+ NOT-FOR-US: Huawei +CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...) + NOT-FOR-US: Huawei +CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...) + NOT-FOR-US: Huawei +CVE-2021-40019 + RESERVED +CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...) + NOT-FOR-US: Huawei +CVE-2021-40017 + RESERVED +CVE-2021-40016 + RESERVED +CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...) + NOT-FOR-US: Huawei +CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...) + NOT-FOR-US: Huawei +CVE-2021-40013 + RESERVED +CVE-2021-40012 + RESERVED +CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...) + NOT-FOR-US: Huawei +CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...) + NOT-FOR-US: Huawei +CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...) + NOT-FOR-US: Huawei +CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...) + NOT-FOR-US: Huawei +CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...) + NOT-FOR-US: Huawei +CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...) + NOT-FOR-US: Huawei +CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...) + NOT-FOR-US: Huawei +CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...) + NOT-FOR-US: Huawei +CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...) + NOT-FOR-US: Huawei +CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...) + NOT-FOR-US: Huawei +CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...) 
+ NOT-FOR-US: Huawei +CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...) + NOT-FOR-US: Huawei +CVE-2021-39999 + RESERVED +CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...) + NOT-FOR-US: Huawei +CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...) + NOT-FOR-US: Huawei +CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...) + NOT-FOR-US: Huawei +CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...) + NOT-FOR-US: Huawei +CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...) + NOT-FOR-US: Huawei +CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...) + NOT-FOR-US: Huawei +CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...) + NOT-FOR-US: Huawei +CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...) + NOT-FOR-US: Huawei +CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...) + NOT-FOR-US: Huawei +CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...) + NOT-FOR-US: Huawei +CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...) + NOT-FOR-US: Huawei +CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...) + NOT-FOR-US: Huawei +CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...) + NOT-FOR-US: Huawei +CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...) + NOT-FOR-US: Huawei +CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...) 
+ NOT-FOR-US: Huawei +CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...) + NOT-FOR-US: Huawei +CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...) + NOT-FOR-US: Huawei +CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...) + NOT-FOR-US: Huawei +CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...) + NOT-FOR-US: Huawei +CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...) + NOT-FOR-US: Huawei +CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...) + NOT-FOR-US: Huawei +CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...) + NOT-FOR-US: Huawei +CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...) + NOT-FOR-US: Huawei +CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...) + NOT-FOR-US: Huawei +CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...) + NOT-FOR-US: Huawei +CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...) 
+ NOT-FOR-US: Huawei +CVE-2021-39965 + RESERVED +CVE-2021-39964 + RESERVED +CVE-2021-39963 + RESERVED +CVE-2021-39962 + RESERVED +CVE-2021-39961 + RESERVED +CVE-2021-39960 + RESERVED +CVE-2021-39959 + RESERVED +CVE-2021-39958 + RESERVED +CVE-2021-39957 + RESERVED +CVE-2021-39956 + RESERVED +CVE-2021-39955 + RESERVED +CVE-2021-39954 + RESERVED +CVE-2021-39953 + RESERVED +CVE-2021-39952 + RESERVED +CVE-2021-39951 + RESERVED +CVE-2021-39950 + RESERVED +CVE-2021-39949 + RESERVED +CVE-2021-39948 + RESERVED +CVE-2021-39947 + RESERVED +CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...) + - gitlab <unfixed> +CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...) + - gitlab <unfixed> +CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...) + - gitlab <unfixed> + TODO: reach out for details +CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) + - gitlab <unfixed> +CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) + - gitlab <unfixed> +CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...) + - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later) + NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630 + NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/ +CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...) + - gitlab <unfixed> +CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...) 
+ - gitlab <unfixed> +CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...) + - gitlab <unfixed> +CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...) + - gitlab <unfixed> +CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...) + - gitlab <unfixed> +CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html +CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html +CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) + - gitlab <unfixed> +CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) 
+ {DSA-5019-1} + - wireshark 3.6.0-1 + [buster] - wireshark <not-affected> (Vulnerable code not present) + [stretch] - wireshark <not-affected> (Vulnerable code not present) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html +CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u2 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html +CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html +CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html +CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html +CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html +CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...) 
+ {DSA-5019-1} + - wireshark 3.6.0-1 + [buster] - wireshark <not-affected> (IPPUSB dissector added in 3.4) + [stretch] - wireshark <not-affected> (IPPUSB dissector added in 3.4) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html +CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...) + - gitlab <unfixed> +CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...) + - gitlab <unfixed> +CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...) + - gitlab <unfixed> +CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...) + - gitlab <unfixed> +CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...) + - gitlab <unfixed> +CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...) + - gitlab <unfixed> +CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...) + - gitlab <unfixed> +CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...) + - gitlab <unfixed> +CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-39908 + RESERVED +CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) + - gitlab <unfixed> +CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...) + - gitlab <unfixed> +CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...) 
+ - gitlab <unfixed> +CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in GitLab ...) + - gitlab <unfixed> +CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...) + - gitlab <unfixed> +CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...) + - gitlab <unfixed> +CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...) + - gitlab <unfixed> +CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...) + - gitlab <unfixed> +CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...) + - gitlab <unfixed> +CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...) + - gitlab <unfixed> +CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...) + - gitlab <unfixed> +CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...) + - gitlab <unfixed> +CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...) + - gitlab <unfixed> +CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...) + - gitlab <unfixed> +CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) + - gitlab <unfixed> +CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) + [experimental] - gitlab 14.6.4+ds1-1 + - gitlab <unfixed> + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440 +CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) + - gitlab <unfixed> +CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) + - gitlab <unfixed> +CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) 
+ - gitlab <not-affected> (Specific to Enterprise Edition) +CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...) + - gitlab <not-affected> (Specific to Enterprise Edition) +CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...) + - gitlab <unfixed> +CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...) + - gitlab <unfixed> +CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...) + - gitlab <not-affected> (Specific to Enterprise Edition) +CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...) + - gitlab <not-affected> (Specific to Enterprise Edition) +CVE-2021-39883 (Improper authorization checks in GitLab EE > 13.11 allows subgroup ...) + - gitlab <not-affected> (Specific to Enterprise Edition) +CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...) + - gitlab <unfixed> +CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...) + - gitlab <unfixed> +CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...) + - gitlab <unfixed> + - ruby-apollo-upload-server <unfixed> + TODO: reach out for details +CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...) + - gitlab <unfixed> +CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...) + - gitlab <unfixed> +CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...) + - gitlab <unfixed> +CVE-2021-39876 + RESERVED +CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...) + - gitlab <unfixed> +CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...) + - gitlab <unfixed> +CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...) 
+ - gitlab <unfixed> +CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...) + - gitlab <unfixed> +CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...) + - gitlab <unfixed> +CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...) + - gitlab <unfixed> +CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...) + - gitlab <unfixed> +CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...) + - gitlab <unfixed> +CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...) + - gitlab <unfixed> +CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...) + - gitlab <unfixed> +CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...) + NOT-FOR-US: Adobe +CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...) + NOT-FOR-US: Adobe +CVE-2021-39859 + RESERVED +CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...) + NOT-FOR-US: Adobe +CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39848 + RESERVED +CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...) + NOT-FOR-US: Adobe +CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...) + NOT-FOR-US: Adobe +CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) + NOT-FOR-US: Adobe +CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) + NOT-FOR-US: Adobe +CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...) + NOT-FOR-US: Adobe +CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...) + NOT-FOR-US: Adobe +CVE-2021-39822 + RESERVED +CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-39820 + RESERVED +CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39815 + RESERVED +CVE-2021-39814 + RESERVED +CVE-2021-39813 + RESERVED +CVE-2021-39812 + RESERVED +CVE-2021-39811 + RESERVED +CVE-2021-39810 + RESERVED +CVE-2021-39809 + RESERVED +CVE-2021-39808 + RESERVED +CVE-2021-39807 + RESERVED +CVE-2021-39806 + RESERVED +CVE-2021-39805 + RESERVED +CVE-2021-39804 + RESERVED +CVE-2021-39803 + RESERVED +CVE-2021-39802 + RESERVED +CVE-2021-39801 + RESERVED +CVE-2021-39800 + RESERVED +CVE-2021-39799 + RESERVED +CVE-2021-39798 + RESERVED +CVE-2021-39797 + RESERVED +CVE-2021-39796 + RESERVED +CVE-2021-39795 + RESERVED +CVE-2021-39794 + RESERVED +CVE-2021-39793 + RESERVED +CVE-2021-39792 + RESERVED +CVE-2021-39791 + RESERVED +CVE-2021-39790 + RESERVED +CVE-2021-39789 + RESERVED +CVE-2021-39788 + RESERVED +CVE-2021-39787 + RESERVED +CVE-2021-39786 + RESERVED +CVE-2021-39785 + RESERVED +CVE-2021-39784 + RESERVED +CVE-2021-39783 + RESERVED +CVE-2021-39782 + RESERVED +CVE-2021-39781 + RESERVED +CVE-2021-39780 + RESERVED +CVE-2021-39779 + RESERVED +CVE-2021-39778 + RESERVED +CVE-2021-39777 + RESERVED +CVE-2021-39776 + RESERVED +CVE-2021-39775 + RESERVED +CVE-2021-39774 + RESERVED +CVE-2021-39773 + RESERVED +CVE-2021-39772 + RESERVED +CVE-2021-39771 + RESERVED +CVE-2021-39770 + RESERVED +CVE-2021-39769 + RESERVED +CVE-2021-39768 + RESERVED +CVE-2021-39767 + RESERVED +CVE-2021-39766 + RESERVED +CVE-2021-39765 + RESERVED +CVE-2021-39764 + RESERVED +CVE-2021-39763 + RESERVED +CVE-2021-39762 + RESERVED +CVE-2021-39761 + RESERVED +CVE-2021-39760 + RESERVED +CVE-2021-39759 + RESERVED +CVE-2021-39758 + RESERVED +CVE-2021-39757 + RESERVED +CVE-2021-39756 + RESERVED +CVE-2021-39755 + RESERVED +CVE-2021-39754 + RESERVED +CVE-2021-39753 + RESERVED +CVE-2021-39752 + RESERVED +CVE-2021-39751 + 
RESERVED +CVE-2021-39750 + RESERVED +CVE-2021-39749 + RESERVED +CVE-2021-39748 + RESERVED +CVE-2021-39747 + RESERVED +CVE-2021-39746 + RESERVED +CVE-2021-39745 + RESERVED +CVE-2021-39744 + RESERVED +CVE-2021-39743 + RESERVED +CVE-2021-39742 + RESERVED +CVE-2021-39741 + RESERVED +CVE-2021-39740 + RESERVED +CVE-2021-39739 + RESERVED +CVE-2021-39738 + RESERVED +CVE-2021-39737 + RESERVED +CVE-2021-39736 + RESERVED +CVE-2021-39735 + RESERVED +CVE-2021-39734 + RESERVED +CVE-2021-39733 + RESERVED +CVE-2021-39732 + RESERVED +CVE-2021-39731 + RESERVED +CVE-2021-39730 + RESERVED +CVE-2021-39729 + RESERVED +CVE-2021-39728 + RESERVED +CVE-2021-39727 + RESERVED +CVE-2021-39726 + RESERVED +CVE-2021-39725 + RESERVED +CVE-2021-39724 + RESERVED +CVE-2021-39723 + RESERVED +CVE-2021-39722 + RESERVED +CVE-2021-39721 + RESERVED +CVE-2021-39720 + RESERVED +CVE-2021-39719 + RESERVED +CVE-2021-39718 + RESERVED +CVE-2021-39717 + RESERVED +CVE-2021-39716 + RESERVED +CVE-2021-39715 + RESERVED +CVE-2021-39714 + RESERVED +CVE-2021-39713 + RESERVED +CVE-2021-39712 + RESERVED +CVE-2021-39711 + RESERVED +CVE-2021-39710 + RESERVED +CVE-2021-39709 + RESERVED +CVE-2021-39708 + RESERVED +CVE-2021-39707 + RESERVED +CVE-2021-39706 + RESERVED +CVE-2021-39705 + RESERVED +CVE-2021-39704 + RESERVED +CVE-2021-39703 + RESERVED +CVE-2021-39702 + RESERVED +CVE-2021-39701 + RESERVED +CVE-2021-39700 + RESERVED +CVE-2021-39699 + RESERVED +CVE-2021-39698 + RESERVED +CVE-2021-39697 + RESERVED +CVE-2021-39696 + RESERVED +CVE-2021-39695 + RESERVED +CVE-2021-39694 + RESERVED +CVE-2021-39693 + RESERVED +CVE-2021-39692 + RESERVED +CVE-2021-39691 + RESERVED +CVE-2021-39690 + RESERVED +CVE-2021-39689 + RESERVED +CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...) + NOT-FOR-US: Pixel +CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...) 
+ NOT-FOR-US: Android +CVE-2021-39686 + RESERVED +CVE-2021-39685 + RESERVED + {DSA-5050-1} + - linux 5.15.5-2 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4 +CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...) + NOT-FOR-US: Pixel +CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...) + NOT-FOR-US: Pixel +CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...) + NOT-FOR-US: Pixel +CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...) + NOT-FOR-US: Pixel +CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...) + NOT-FOR-US: Pixel +CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...) + NOT-FOR-US: Pixel +CVE-2021-39678 (In <TBD> of <TBD>, there is a possible bypass of Factory R ...) + NOT-FOR-US: Pixel +CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...) + NOT-FOR-US: Android +CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...) + NOT-FOR-US: Android +CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...) + NOT-FOR-US: Android +CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...) + NOT-FOR-US: Android +CVE-2021-39673 + RESERVED +CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...) + NOT-FOR-US: Android +CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...) + NOT-FOR-US: Android +CVE-2021-39670 + RESERVED +CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...) 
+ NOT-FOR-US: Android +CVE-2021-39667 + RESERVED +CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...) + NOT-FOR-US: Android +CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-39661 + RESERVED +CVE-2021-39660 + RESERVED +CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...) + NOT-FOR-US: Android +CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment。ismsEx s ...) + NOT-FOR-US: Android +CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...) + - linux 5.10.12-1 + [buster] - linux 4.19.171-1 + [stretch] - linux 4.9.258-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 + NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4) +CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...) + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + [stretch] - linux 4.9.272-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 + NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3) +CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39654 + RESERVED +CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...) 
+ NOT-FOR-US: Google Pixel components +CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...) + - linux 5.10.9-1 + [buster] - linux 4.19.171-1 + [stretch] - linux 4.9.258-1 + NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 +CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...) 
+ NOT-FOR-US: Google Pixel components +CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...) + - linux 4.16.5-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 +CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...) + NOT-FOR-US: Android +CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...) + - linux 5.8.14-1 + [buster] - linux 4.19.152-1 + [stretch] - linux 4.9.240-1 + NOTE: https://source.android.com/security/bulletin/2022-01-01 + NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8) +CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://source.android.com/security/bulletin/2022-01-01 + NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14) +CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...) + NOT-FOR-US: Android +CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...) + NOT-FOR-US: Android +CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...) + NOT-FOR-US: Android +CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) 
+ NOT-FOR-US: Android +CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...) + NOT-FOR-US: Android +CVE-2021-39624 + RESERVED +CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...) + NOT-FOR-US: Android +CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) + NOT-FOR-US: Android +CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...) + NOT-FOR-US: Android +CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39617 + RESERVED +CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...) 
+ NOT-FOR-US: Android +CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs] + RESERVED + {DLA-2808-1} + - python3.9 3.9.7-1 + [bullseye] - python3.9 <no-dsa> (Minor issue) + - python3.7 <removed> + [buster] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + NOTE: https://bugs.python.org/issue43075 + NOTE: https://github.com/python/cpython/pull/24391 + NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master) + NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5) + NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10) + NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11) + NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14) +CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files] + RESERVED + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249 + NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631 +CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains ...) + NOT-FOR-US: D-Link +CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...) + NOT-FOR-US: D-Link +CVE-2021-39613 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1 ...) + NOT-FOR-US: D-Link +CVE-2021-39612 + RESERVED +CVE-2021-39611 + RESERVED +CVE-2021-39610 + RESERVED +CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 v ...) + NOT-FOR-US: FlatCore-CMS +CVE-2021-39608 (Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 ...) 
+ NOT-FOR-US: FlatCore-CMS +CVE-2021-39607 + RESERVED +CVE-2021-39606 + RESERVED +CVE-2021-39605 + RESERVED +CVE-2021-39604 + RESERVED +CVE-2021-39603 + RESERVED +CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd fu ...) + NOT-FOR-US: Miniftpd +CVE-2021-39601 + RESERVED +CVE-2021-39600 + RESERVED +CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS ...) + NOT-FOR-US: CXUUCMS +CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/145 +CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/143 +CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/146 +CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/141 +CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/142 +CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/139 +CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
+ - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/138 +CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/135 +CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/137 +CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/132 +CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/131 +CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/129 +CVE-2021-39586 + RESERVED +CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/133 +CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/130 +CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
+ - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/136 +CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/122 +CVE-2021-39581 + RESERVED +CVE-2021-39580 + RESERVED +CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/125 +CVE-2021-39578 + RESERVED +CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/121 +CVE-2021-39576 + RESERVED +CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/128 +CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/124 +CVE-2021-39573 + RESERVED +CVE-2021-39572 + RESERVED +CVE-2021-39571 + RESERVED +CVE-2021-39570 + RESERVED +CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/114 +CVE-2021-39568 + RESERVED +CVE-2021-39567 + RESERVED +CVE-2021-39566 + RESERVED +CVE-2021-39565 + RESERVED +CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) 
+ - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/116 +CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/115 +CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/98 +CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/102 +CVE-2021-39560 + RESERVED +CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/101 +CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/106 +CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/97 +CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/105 +CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
+ - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/99 +CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/100 +CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools <removed> + [stretch] - swftools <no-dsa> (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/103 +CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...) + NOT-FOR-US: sela +CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) + NOT-FOR-US: sela +CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) + NOT-FOR-US: sela +CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...) + NOT-FOR-US: sela +CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...) + NOT-FOR-US: sela +CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) 
+ NOT-FOR-US: pdftools +CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...) + NOT-FOR-US: pdftools +CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...) + - ncurses <unfixed> (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html + NOTE: Negligible security impact +CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...) + - libxsmm <unfixed> (bug #996098) + NOTE: https://github.com/hfp/libxsmm/issues/402 + NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375 + NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393 +CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...) + - libxsmm <unfixed> (bug #996098) + NOTE: https://github.com/hfp/libxsmm/issues/398 + NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375 +CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...) + - libslax <itp> (bug #766210) +CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...) + - libslax <itp> (bug #766210) +CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...) + - libslax <itp> (bug #766210) +CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...) + - libslax <itp> (bug #766210) +CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...) + - libredwg <itp> (bug #595191) +CVE-2021-39529 + RESERVED +CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...) 
+ - libredwg <itp> (bug #595191) +CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...) + - libredwg <itp> (bug #595191) +CVE-2021-39526 + RESERVED +CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...) + - libredwg <itp> (bug #595191) +CVE-2021-39524 + RESERVED +CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...) + - libredwg <itp> (bug #595191) +CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...) + - libredwg <itp> (bug #595191) +CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...) + - libredwg <itp> (bug #595191) +CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/34 +CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/28 +CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/35 +CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/33 +CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/42 +CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/37 +CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...) 
+ - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/36 +CVE-2021-39513 + RESERVED +CVE-2021-39512 + RESERVED +CVE-2021-39511 + RESERVED +CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...) + NOT-FOR-US: D-Link +CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...) + NOT-FOR-US: D-Link +CVE-2021-39508 + RESERVED +CVE-2021-39507 + RESERVED +CVE-2021-39506 + RESERVED +CVE-2021-39505 + RESERVED +CVE-2021-39504 + RESERVED +CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is ...) + NOT-FOR-US: PHPMyWind +CVE-2021-39502 + RESERVED +CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...) + NOT-FOR-US: EyouCMS +CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...) + NOT-FOR-US: EyouCMS +CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...) + NOT-FOR-US: EyouCMS +CVE-2021-39498 + RESERVED +CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...) + NOT-FOR-US: EyouCMS +CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...) + NOT-FOR-US: EyouCMS +CVE-2021-39495 + RESERVED +CVE-2021-39494 + RESERVED +CVE-2021-39493 + RESERVED +CVE-2021-39492 + RESERVED +CVE-2021-39491 + RESERVED +CVE-2021-39490 + RESERVED +CVE-2021-39489 + RESERVED +CVE-2021-39488 + RESERVED +CVE-2021-39487 + RESERVED +CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...) + NOT-FOR-US: Gila CMS +CVE-2021-39485 + RESERVED +CVE-2021-39484 + RESERVED +CVE-2021-39483 + RESERVED +CVE-2021-39482 + RESERVED +CVE-2021-39481 + RESERVED +CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...) 
+ NOT-FOR-US: bingrep +CVE-2021-39479 + RESERVED +CVE-2021-39478 + RESERVED +CVE-2021-39477 + RESERVED +CVE-2021-39476 + RESERVED +CVE-2021-39475 + RESERVED +CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...) + NOT-FOR-US: Docsis UBC1319BA00 Router +CVE-2021-39473 + RESERVED +CVE-2021-39472 + RESERVED +CVE-2021-39471 + RESERVED +CVE-2021-39470 + RESERVED +CVE-2021-39469 + RESERVED +CVE-2021-39468 + RESERVED +CVE-2021-39467 + RESERVED +CVE-2021-39466 + RESERVED +CVE-2021-39465 + RESERVED +CVE-2021-39464 + RESERVED +CVE-2021-39463 + RESERVED +CVE-2021-39462 + RESERVED +CVE-2021-39461 + RESERVED +CVE-2021-39460 + RESERVED +CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...) + NOT-FOR-US: Yakamara Media Redaxo CMS +CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...) + NOT-FOR-US: Yakamara Media Redaxo CMS +CVE-2021-39457 + RESERVED +CVE-2021-39456 + RESERVED +CVE-2021-39455 + RESERVED +CVE-2021-39454 + RESERVED +CVE-2021-39453 + RESERVED +CVE-2021-39452 + RESERVED +CVE-2021-39451 + RESERVED +CVE-2021-39450 + RESERVED +CVE-2021-39449 + RESERVED +CVE-2021-39448 + RESERVED +CVE-2021-39447 + RESERVED +CVE-2021-39446 + RESERVED +CVE-2021-39445 + RESERVED +CVE-2021-39444 + RESERVED +CVE-2021-39443 + RESERVED +CVE-2021-39442 + RESERVED +CVE-2021-39441 + RESERVED +CVE-2021-39440 + RESERVED +CVE-2021-39439 + RESERVED +CVE-2021-39438 + RESERVED +CVE-2021-39437 + RESERVED +CVE-2021-39436 + RESERVED +CVE-2021-39435 + RESERVED +CVE-2021-39434 + RESERVED +CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...) 
+ NOT-FOR-US: BIQS IT Biqs-drive +CVE-2021-39432 + RESERVED +CVE-2021-39431 + RESERVED +CVE-2021-39430 + RESERVED +CVE-2021-39429 + RESERVED +CVE-2021-39428 + RESERVED +CVE-2021-39427 + RESERVED +CVE-2021-39426 + RESERVED +CVE-2021-39425 + RESERVED +CVE-2021-39424 + RESERVED +CVE-2021-39423 + RESERVED +CVE-2021-39422 + RESERVED +CVE-2021-39421 + RESERVED +CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...) + NOT-FOR-US: VFront +CVE-2021-39419 + RESERVED +CVE-2021-39418 + RESERVED +CVE-2021-39417 + RESERVED +CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote C ...) + NOT-FOR-US: Remote Clinic +CVE-2021-39415 + RESERVED +CVE-2021-39414 + RESERVED +CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel ...) + NOT-FOR-US: SEO Panel +CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGuruk ...) + NOT-FOR-US: PHPGurukul Shopping +CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...) + NOT-FOR-US: PHPGurukul Hospital Management System +CVE-2021-39410 + RESERVED +CVE-2021-39409 + RESERVED +CVE-2021-39408 + RESERVED +CVE-2021-39407 + RESERVED +CVE-2021-39406 + RESERVED +CVE-2021-39405 + RESERVED +CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...) + NOT-FOR-US: MaianAffiliate +CVE-2021-39403 + RESERVED +CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...) + NOT-FOR-US: MaianAffiliate +CVE-2021-39401 + RESERVED +CVE-2021-39400 + RESERVED +CVE-2021-39399 + RESERVED +CVE-2021-39398 + RESERVED +CVE-2021-39397 + RESERVED +CVE-2021-39396 + RESERVED +CVE-2021-39395 + RESERVED +CVE-2021-39394 + RESERVED +CVE-2021-39393 + RESERVED +CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...) 
+ NOT-FOR-US: MyLittleBackup +CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...) + NOT-FOR-US: Beego +CVE-2021-39390 + RESERVED +CVE-2021-39389 + RESERVED +CVE-2021-39388 + RESERVED +CVE-2021-39387 + RESERVED +CVE-2021-39386 + RESERVED +CVE-2021-39385 + RESERVED +CVE-2021-39384 + RESERVED +CVE-2021-39383 + RESERVED +CVE-2021-39382 + RESERVED +CVE-2021-39381 + RESERVED +CVE-2021-39380 + RESERVED +CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...) + NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR) +CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...) + NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR) +CVE-2021-39374 + RESERVED +CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...) + NOT-FOR-US: Samsung +CVE-2021-39372 + RESERVED +CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...) + {DLA-2754-1} + - pywps 4.5.0-1 + [bullseye] - pywps <no-dsa> (Minor issue) + [buster] - pywps <no-dsa> (Minor issue) + NOTE: https://github.com/geopython/OWSLib/issues/790 + NOTE: https://github.com/geopython/pywps/pull/616 +CVE-2021-39370 + RESERVED +CVE-2021-39369 + RESERVED +CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...) + NOT-FOR-US: Canon Oce Print Exec Workgroup +CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...) 
+ NOT-FOR-US: Canon Oce Print Exec Workgroup +CVE-2021-39366 + RESERVED +CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...) + {DSA-4964-1 DLA-2762-1} + - grilo 0.3.13-1.1 (bug #992971) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146 +CVE-2021-39364 + RESERVED +CVE-2021-39363 + RESERVED +CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...) + NOT-FOR-US: ReCaptcha Solver +CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...) + - evolution-rss <unfixed> (bug #996590) + [bullseye] - evolution-rss <no-dsa> (Minor issue) + [buster] - evolution-rss <no-dsa> (Minor issue) + [stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11 +CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...) + - libzapojit <unfixed> (bug #993538) + [bullseye] - libzapojit <no-dsa> (Minor issue) + [buster] - libzapojit <no-dsa> (Minor issue) + [stretch] - libzapojit <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4 +CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...) 
+ - libgda5 <unfixed> (bug #993592) + [bullseye] - libgda5 <no-dsa> (Minor issue) + [buster] - libgda5 <no-dsa> (Minor issue) + [stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249 +CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...) + - gfbgraph 0.2.5-1 (bug #993537) + [bullseye] - gfbgraph <no-dsa> (Minor issue) + [buster] - gfbgraph <no-dsa> (Minor issue) + [stretch] - gfbgraph <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17 +CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...) + {DSA-4962-1} + - ledgersmb 1.6.9+ds-2.1 (bug #992817) + NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking +CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39333 (The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress containe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39331 + RESERVED +CVE-2021-39330 + REJECTED +CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39326 + RESERVED +CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39324 + RESERVED +CVE-2021-39323 + RESERVED +CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...) 
+ NOT-FOR-US: WordPess plugin +CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39312 (The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary file ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...) + NOT-FOR-US: PDFTron WebViewer UI +CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...) + NOT-FOR-US: Realtek +CVE-2021-39305 + RESERVED +CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...) + NOT-FOR-US: Proofpoint +CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: firefly-iii +CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...) + NOT-FOR-US: Jamf Pro +CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) + NOT-FOR-US: MISP +CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) 
+ NOT-FOR-US: HP +CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...) + NOT-FOR-US: OpenBMC +CVE-2021-39295 + RESERVED +CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3724 + RESERVED + NOT-FOR-US: Red Hat Serverless +CVE-2021-23161 + RESERVED + NOT-FOR-US: Red Hat Serverless +CVE-2021-23156 + RESERVED + NOT-FOR-US: Red Hat Serverless +CVE-2021-39294 + RESERVED +CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...) + {DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.1-1 + - golang-1.16 1.16.8-1 + - golang-1.15 1.15.15-2 + [bullseye] - golang-1.15 1.15.15-1~deb11u1 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/47801 + NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1) + NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8) +CVE-2021-39292 + RESERVED +CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...) 
+ NOT-FOR-US: IBM +CVE-2021-3722 + RESERVED +CVE-2021-3721 + RESERVED +CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...) + NOT-FOR-US: Lenovo +CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...) + NOT-FOR-US: Lenovo +CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad models ...) + NOT-FOR-US: Lenovo +CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...) + NOT-FOR-US: NetModule devices +CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...) + NOT-FOR-US: NetModule devices +CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...) + NOT-FOR-US: NetModule devices +CVE-2021-39288 + RESERVED +CVE-2021-39287 + RESERVED +CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...) + NOT-FOR-US: Webrecorder pywb +CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...) + NOT-FOR-US: Versa +CVE-2021-39284 + RESERVED +CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...) + - liblivemedia <removed> + [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <ignored> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html +CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...) + - liblivemedia <removed> + [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <ignored> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html +CVE-2021-39281 + RESERVED +CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...) + NOT-FOR-US: Korenix JetWave devices +CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...) 
+ NOT-FOR-US: MOXA +CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...) + NOT-FOR-US: MOXA +CVE-2021-39277 + RESERVED +CVE-2021-39276 + RESERVED +CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...) + {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275 + NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk) + NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk) + NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk) + NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x) + NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x) +CVE-2021-3717 + RESERVED + - wildfly <itp> (bug #752018) +CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...) + NOT-FOR-US: XeroSecurity Sn1per +CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...) + NOT-FOR-US: XeroSecurity Sn1per +CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...) + - fetchmail 6.4.22-1 (bug #993163) + [bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + [buster] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt +CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...) + NOT-FOR-US: OrbiTeam BSCW Classic +CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...) 
+ NOT-FOR-US: Ping Identity RSA SecurID Integration Kit +CVE-2021-39269 + RESERVED +CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...) + NOT-FOR-US: SuiteCRM +CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...) + NOT-FOR-US: SuiteCRM +CVE-2021-39266 + RESERVED +CVE-2021-39265 + RESERVED +CVE-2021-39264 + RESERVED +CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to a endless ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...) + NOT-FOR-US: Invision Community +CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...) + NOT-FOR-US: Invision Community +CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...) + NOT-FOR-US: Open edX +CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...) 
+ - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0) + NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/ + NOTE: https://sourceforge.net/p/zint/tickets/232/ + NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/ +CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...) + NOT-FOR-US: Tor Browser +CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS] + RESERVED + - nbdkit 1.26.5-1 + [bullseye] - nbdkit <no-dsa> (Minor issue) + [buster] - nbdkit <not-affected> (Vulnerable code introduced later) + [stretch] - nbdkit <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html +CVE-2021-3715 + RESERVED + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + [stretch] - linux 4.9.228-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1 + NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6) +CVE-2021-3714 + RESERVED +CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...) + NOT-FOR-US: Altus +CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...) + NOT-FOR-US: Altus +CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...) + NOT-FOR-US: Altus +CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) 
+ {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy <not-affected> (Vulnerable code introduced later) + [stretch] - haproxy <not-affected> (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1 +CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...) + {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy <not-affected> (Vulnerable code introduced later) + [stretch] - haproxy <not-affected> (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f +CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) + {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy <not-affected> (Vulnerable code introduced later) + [stretch] - haproxy <not-affected> (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8 +CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...) + NOT-FOR-US: Apache Jena +CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...) + NOT-FOR-US: HP +CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...) + NOT-FOR-US: HP +CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...) 
+ NOT-FOR-US: Apache Ozone +CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...) + NOT-FOR-US: Apache Ozone +CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...) + {DSA-4980-1 DLA-2753-1} + - qemu 1:6.1+dfsg-2 (bug #992727) + [buster] - qemu <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a +CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...) + NOT-FOR-US: Butter +CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...) + NOT-FOR-US: Apprise +CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...) + NOT-FOR-US: Tremor event processing (different from Vorbis Tremor) +CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...) + NOT-FOR-US: ZRender +CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...) + - grafana <removed> +CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...) + NOT-FOR-US: Nextcloud Deck +CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud OfficeOnline +CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) 
+ - nextcloud-server <itp> (bug #941708) +CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud Contacts +CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) + NOT-FOR-US: Nextcloud Mail +CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...) + NOT-FOR-US: wasmtime +CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) + NOT-FOR-US: wasmtime +CVE-2021-39217 + RESERVED +CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) + NOT-FOR-US: wasmtime +CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...) + - jitsi-meet <itp> (bug #760485) +CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...) + - mitmproxy <unfixed> (bug #994570) + [bullseye] - mitmproxy <no-dsa> (Minor issue) + [buster] - mitmproxy <no-dsa> (Minor issue) + [stretch] - mitmproxy <no-dsa> (Minor issue) + NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 +CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...) + - glpi <removed> (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...) 
+ - imagemagick <unfixed> (bug #996588) + [bullseye] - imagemagick <no-dsa> (Minor issue) + [buster] - imagemagick <no-dsa> (Minor issue) + [stretch] - imagemagick <no-dsa> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr + NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e +CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...) + - glpi <removed> (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...) + - glpi <removed> (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...) + - glpi <removed> (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...) + NOT-FOR-US: SharpCompress +CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...) + NOT-FOR-US: Facebook ParlAI +CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...) + - jitsi-meet <itp> (bug #760485) +CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39203 (WordPress is a free and open-source content management system written ...) 
+ - wordpress <not-affected> (Only affects 5.8 beta 1; vulnerable code introduced later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6 +CVE-2021-39202 (WordPress is a free and open-source content management system written ...) + - wordpress <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297 +CVE-2021-39201 (WordPress is a free and open-source content management system written ...) + {DSA-4985-1} + - wordpress 5.8.1+dfsg1-1 (bug #994059) + [stretch] - wordpress <not-affected> (Vulnerable code added later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v +CVE-2021-39200 (WordPress is a free and open-source content management system written ...) + - wordpress 5.8.1+dfsg1-1 (bug #994060) + [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1 + [buster] - wordpress <not-affected> (Vulnerable code introduced later in 5.2) + [stretch] - wordpress <not-affected> (Vulnerable code added later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5 +CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...) + NOT-FOR-US: Node remark-html +CVE-2021-39198 (OroCRM is an open source Client Relationship Management (CRM) applicat ...) + NOT-FOR-US: OroCRM +CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...) + - ruby-better-errors <itp> (bug #739168) +CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...) + NOT-FOR-US: pcapture +CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...) + NOT-FOR-US: Misskey +CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...) + NOT-FOR-US: kaml +CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) 
+ NOT-FOR-US: Frontier +CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...) + NOT-FOR-US: Ghost CMS +CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648) + [bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release) + [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d + NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672 +CVE-2021-39190 + RESERVED +CVE-2021-39189 (Pimcore is an open source data & experience management platform. I ...) + NOT-FOR-US: Pimcore +CVE-2021-39188 + RESERVED +CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...) + NOT-FOR-US: Miraheze +CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...) + NOT-FOR-US: Https4s +CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...) + - electron <itp> (bug #842420) +CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...) + NOT-FOR-US: Owncast +CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...) + NOT-FOR-US: EnroCrypt +CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...) + NOT-FOR-US: OpenOlat +CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...) 
+ NOT-FOR-US: OpenOLAT +CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...) + NOT-FOR-US: DHIS 2 +CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...) + NOT-FOR-US: next.js +CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...) + NOT-FOR-US: geyser +CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...) + NOT-FOR-US: detect-character-encoding + NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding +CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...) + NOT-FOR-US: hedgedoc +CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...) + - cachet <itp> (bug #851177) +CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...) + - cachet <itp> (bug #851177) +CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...) + - cachet <itp> (bug #851177) +CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...) + NOT-FOR-US: Node passport-saml +CVE-2021-39170 (Pimcore is an open source data & experience management platform. P ...) + NOT-FOR-US: Pimcore +CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...) + NOT-FOR-US: Misskey +CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...) + NOT-FOR-US: OpenZeppelin +CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...) + NOT-FOR-US: OpenZeppelin +CVE-2021-39166 (Pimcore is an open source data & experience management platform. P ...) + NOT-FOR-US: Pimcore +CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...) + - cachet <itp> (bug #851177) +CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...) 
+ - matrix-synapse 1.41.1-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q + NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1) +CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...) + - matrix-synapse 1.41.1-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2 + NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1) +CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...) + NOT-FOR-US: nbgitpuller +CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...) + NOT-FOR-US: BinderHub +CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...) + NOT-FOR-US: NVCaffe +CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...) + NOT-FOR-US: detect-character-encoding +CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...) + NOT-FOR-US: Istio +CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...) + NOT-FOR-US: Istio +CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 + NOTE: https://x-stream.github.io/CVE-2021-39154.html +CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...) 
+ {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v + NOTE: https://x-stream.github.io/CVE-2021-39153.html +CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2 + NOTE: https://x-stream.github.io/CVE-2021-39152.html +CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4 + NOTE: https://x-stream.github.io/CVE-2021-39151.html +CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp + NOTE: https://x-stream.github.io/CVE-2021-39150.html +CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x + NOTE: https://x-stream.github.io/CVE-2021-39149.html +CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2 + NOTE: https://x-stream.github.io/CVE-2021-39148.html +CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...) 
+ {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc + NOTE: https://x-stream.github.io/CVE-2021-39147.html +CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f + NOTE: https://x-stream.github.io/CVE-2021-39146.html +CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v + NOTE: https://x-stream.github.io/CVE-2021-39145.html +CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh + NOTE: https://x-stream.github.io/CVE-2021-39144.html +CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) + NOT-FOR-US: Spinnaker +CVE-2021-39142 + RESERVED +CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2 + NOTE: https://x-stream.github.io/CVE-2021-39141.html +CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc + NOTE: https://x-stream.github.io/CVE-2021-39140.html +CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...) 
+ {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44 + NOTE: https://x-stream.github.io/CVE-2021-39139.html +CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...) + NOT-FOR-US: go-ethereum +CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...) + NOT-FOR-US: baserCMS +CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...) + [experimental] - npm 7.24.0+ds-1 + - npm 7.24.0+ds-2 (bug #993405) + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) + NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2 +CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...) + [experimental] - npm 7.24.0+ds-1 + - npm 7.24.0+ds-2 (bug #993407) + [bullseye] - npm <no-dsa> (Minor issue) + [buster] - npm <no-dsa> (Minor issue) + NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc +CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...) + NOT-FOR-US: Rundeck +CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...) + NOT-FOR-US: Rundeck +CVE-2021-39131 (ced detects character encoding using Google’s compact_enc_det li ...) + NOT-FOR-US: Node ced +CVE-2021-39130 + RESERVED +CVE-2021-39129 + RESERVED +CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...) + NOT-FOR-US: Atlassian +CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...) + NOT-FOR-US: Atlassian +CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-39120 + RESERVED +CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...) + NOT-FOR-US: Atlassian +CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...) + NOT-FOR-US: Atlassian +CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-39114 + RESERVED +CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...) + NOT-FOR-US: Atlassian +CVE-2021-39110 + RESERVED +CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-39108 + RESERVED +CVE-2021-39107 + RESERVED +CVE-2021-39106 + RESERVED +CVE-2021-39105 + RESERVED +CVE-2021-39104 + RESERVED +CVE-2021-39103 + RESERVED +CVE-2021-39102 + RESERVED +CVE-2021-39101 + RESERVED +CVE-2021-39100 + RESERVED +CVE-2021-39099 + RESERVED +CVE-2021-39098 + RESERVED +CVE-2021-39097 + RESERVED +CVE-2021-39096 + RESERVED +CVE-2021-39095 + RESERVED +CVE-2021-39094 + RESERVED +CVE-2021-39093 + RESERVED +CVE-2021-39092 + RESERVED +CVE-2021-39091 + RESERVED +CVE-2021-39090 + RESERVED +CVE-2021-39089 + RESERVED +CVE-2021-39088 + RESERVED +CVE-2021-39087 + RESERVED +CVE-2021-39086 + RESERVED +CVE-2021-39085 + RESERVED +CVE-2021-39084 + RESERVED +CVE-2021-39083 + RESERVED +CVE-2021-39082 + RESERVED +CVE-2021-39081 + RESERVED +CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...) + NOT-FOR-US: IBM +CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...) + NOT-FOR-US: IBM +CVE-2021-39078 + RESERVED +CVE-2021-39077 + RESERVED +CVE-2021-39076 + RESERVED +CVE-2021-39075 + RESERVED +CVE-2021-39074 + RESERVED +CVE-2021-39073 + RESERVED +CVE-2021-39072 + RESERVED +CVE-2021-39071 + RESERVED +CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...) + NOT-FOR-US: IBM +CVE-2021-39069 + RESERVED +CVE-2021-39068 + RESERVED +CVE-2021-39067 + RESERVED +CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...) + NOT-FOR-US: IBM +CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...) + NOT-FOR-US: IBM +CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...) 
+ NOT-FOR-US: IBM +CVE-2021-39062 + RESERVED +CVE-2021-39061 + RESERVED +CVE-2021-39060 + RESERVED +CVE-2021-39059 + RESERVED +CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...) + NOT-FOR-US: IBM +CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...) + NOT-FOR-US: IBM +CVE-2021-39055 + RESERVED +CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39051 + RESERVED +CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...) + NOT-FOR-US: IBM +CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...) + NOT-FOR-US: IBM +CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...) + NOT-FOR-US: IBM +CVE-2021-39047 + RESERVED +CVE-2021-39046 + RESERVED +CVE-2021-39045 + RESERVED +CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...) + NOT-FOR-US: IBM +CVE-2021-39043 + RESERVED +CVE-2021-39042 + RESERVED +CVE-2021-39041 + RESERVED +CVE-2021-39040 + RESERVED +CVE-2021-39039 + RESERVED +CVE-2021-39038 + RESERVED +CVE-2021-39037 + RESERVED +CVE-2021-39036 + RESERVED +CVE-2021-39035 + RESERVED +CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...) + NOT-FOR-US: IBM +CVE-2021-39033 + RESERVED +CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...) + NOT-FOR-US: IBM +CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...) 
+ NOT-FOR-US: IBM +CVE-2021-39030 + RESERVED +CVE-2021-39029 + RESERVED +CVE-2021-39028 + RESERVED +CVE-2021-39027 + RESERVED +CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...) + NOT-FOR-US: IBM +CVE-2021-39025 + RESERVED +CVE-2021-39024 + RESERVED +CVE-2021-39023 + RESERVED +CVE-2021-39022 + RESERVED +CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...) + NOT-FOR-US: IBM +CVE-2021-39020 + RESERVED +CVE-2021-39019 + RESERVED +CVE-2021-39018 + RESERVED +CVE-2021-39017 + RESERVED +CVE-2021-39016 + RESERVED +CVE-2021-39015 + RESERVED +CVE-2021-39014 + RESERVED +CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...) + NOT-FOR-US: IBM +CVE-2021-39012 + RESERVED +CVE-2021-39011 + RESERVED +CVE-2021-39010 + RESERVED +CVE-2021-39009 + RESERVED +CVE-2021-39008 + RESERVED +CVE-2021-39007 + RESERVED +CVE-2021-39006 + RESERVED +CVE-2021-39005 + RESERVED +CVE-2021-39004 + RESERVED +CVE-2021-39003 + RESERVED +CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-39001 + RESERVED +CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...) + NOT-FOR-US: IBM +CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...) + NOT-FOR-US: IBM +CVE-2021-38998 + RESERVED +CVE-2021-38997 + RESERVED +CVE-2021-38996 + RESERVED +CVE-2021-38995 + RESERVED +CVE-2021-38994 + RESERVED +CVE-2021-38993 + RESERVED +CVE-2021-38992 + RESERVED +CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2021-38989 + RESERVED +CVE-2021-38988 + RESERVED +CVE-2021-38987 + RESERVED +CVE-2021-38986 + RESERVED +CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) 
+ NOT-FOR-US: IBM +CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + NOT-FOR-US: IBM +CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + NOT-FOR-US: IBM +CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...) + NOT-FOR-US: IBM +CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...) + NOT-FOR-US: IBM +CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...) + NOT-FOR-US: IBM +CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...) + NOT-FOR-US: IBM +CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + NOT-FOR-US: IBM +CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + NOT-FOR-US: IBM +CVE-2021-38971 + RESERVED +CVE-2021-38970 + RESERVED +CVE-2021-38969 + RESERVED +CVE-2021-38968 + RESERVED +CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...) + NOT-FOR-US: IBM +CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...) + NOT-FOR-US: IBM +CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...) 
+ NOT-FOR-US: IBM +CVE-2021-38964 + RESERVED +CVE-2021-38963 + RESERVED +CVE-2021-38962 + RESERVED +CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...) + NOT-FOR-US: IBM +CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) + NOT-FOR-US: IBM +CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...) + NOT-FOR-US: IBM +CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...) + NOT-FOR-US: IBM +CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...) + NOT-FOR-US: IBM +CVE-2021-38955 + RESERVED +CVE-2021-38954 + RESERVED +CVE-2021-38953 + RESERVED +CVE-2021-38952 + RESERVED +CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...) + NOT-FOR-US: IBM +CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...) + NOT-FOR-US: IBM +CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...) + NOT-FOR-US: IBM +CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-38946 + RESERVED +CVE-2021-38945 + RESERVED +CVE-2021-38944 + RESERVED +CVE-2021-38943 + RESERVED +CVE-2021-38942 + RESERVED +CVE-2021-38941 + RESERVED +CVE-2021-38940 + RESERVED +CVE-2021-38939 + RESERVED +CVE-2021-38938 + RESERVED +CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...) + NOT-FOR-US: IBM +CVE-2021-38936 + RESERVED +CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...) 
+ NOT-FOR-US: IBM +CVE-2021-38934 + RESERVED +CVE-2021-38933 + RESERVED +CVE-2021-38932 + RESERVED +CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2021-38930 + RESERVED +CVE-2021-38929 + RESERVED +CVE-2021-38928 + RESERVED +CVE-2021-38927 + RESERVED +CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...) + NOT-FOR-US: IBM +CVE-2021-38924 + RESERVED +CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...) + NOT-FOR-US: IBM +CVE-2021-38922 + RESERVED +CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...) + NOT-FOR-US: IBM +CVE-2021-38920 + RESERVED +CVE-2021-38919 + RESERVED +CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...) + NOT-FOR-US: IBM +CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...) + NOT-FOR-US: IBM +CVE-2021-38916 + RESERVED +CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...) + NOT-FOR-US: IBM +CVE-2021-38914 + RESERVED +CVE-2021-38913 + RESERVED +CVE-2021-38912 + RESERVED +CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...) + NOT-FOR-US: IBM +CVE-2021-38910 + RESERVED +CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-38908 + RESERVED +CVE-2021-38907 + RESERVED +CVE-2021-38906 + RESERVED +CVE-2021-38905 + RESERVED +CVE-2021-38904 + RESERVED +CVE-2021-38903 + RESERVED +CVE-2021-38902 + RESERVED +CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...) + NOT-FOR-US: IBM +CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...) 
+ NOT-FOR-US: IBM +CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...) + NOT-FOR-US: IBM +CVE-2021-38898 + RESERVED +CVE-2021-38897 + RESERVED +CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...) + NOT-FOR-US: IBM +CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...) + NOT-FOR-US: IBM +CVE-2021-38892 + REJECTED + NOT-FOR-US: IBM +CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...) + NOT-FOR-US: IBM +CVE-2021-38889 + RESERVED +CVE-2021-38888 + RESERVED +CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + NOT-FOR-US: IBM +CVE-2021-38886 + RESERVED +CVE-2021-38885 + RESERVED +CVE-2021-38884 + RESERVED +CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...) + NOT-FOR-US: IBM +CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...) + NOT-FOR-US: IBM +CVE-2021-38881 + RESERVED +CVE-2021-38880 + RESERVED +CVE-2021-38879 + RESERVED +CVE-2021-38878 + RESERVED +CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...) + NOT-FOR-US: IBM +CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...) + NOT-FOR-US: IBM +CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2021-38874 + RESERVED +CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...) 
+ NOT-FOR-US: IBM +CVE-2021-38872 + RESERVED +CVE-2021-38871 + RESERVED +CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...) + NOT-FOR-US: IBM +CVE-2021-38869 + RESERVED +CVE-2021-38868 + RESERVED +CVE-2021-38867 + RESERVED +CVE-2021-38866 + RESERVED +CVE-2021-38865 + RESERVED +CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...) + NOT-FOR-US: IBM +CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) + NOT-FOR-US: IBM +CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2021-38861 + RESERVED +CVE-2021-38860 + RESERVED +CVE-2021-38859 + RESERVED +CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...) + {DSA-4963-1 DLA-2774-1 DLA-2766-1} + - openssl 1.1.1l-1 + - openssl1.0 <removed> + NOTE: https://www.openssl.org/news/secadv/20210824.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l) + NOTE: 
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l) +CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...) + {DSA-4963-1} + - openssl 1.1.1l-1 + [stretch] - openssl <not-affected> (support for SM2 decryption added in 1.1.1-pre3) + - openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series) + NOTE: https://www.openssl.org/news/secadv/20210824.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l) +CVE-2021-38858 + RESERVED +CVE-2021-38857 + RESERVED +CVE-2021-38856 + RESERVED +CVE-2021-38855 + RESERVED +CVE-2021-38854 + RESERVED +CVE-2021-38853 + RESERVED +CVE-2021-38852 + RESERVED +CVE-2021-38851 + RESERVED +CVE-2021-38850 + RESERVED +CVE-2021-38849 + RESERVED +CVE-2021-38848 + RESERVED +CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...) + NOT-FOR-US: S-Cart +CVE-2021-38846 + RESERVED +CVE-2021-38845 + RESERVED +CVE-2021-38844 + RESERVED +CVE-2021-38843 + RESERVED +CVE-2021-38842 + RESERVED +CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...) + NOT-FOR-US: Simple Water Refilling Station Management System +CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...) 
+ NOT-FOR-US: Simple Water Refilling Station Management System +CVE-2021-38839 + RESERVED +CVE-2021-38838 + RESERVED +CVE-2021-38837 + RESERVED +CVE-2021-38836 + RESERVED +CVE-2021-38835 + RESERVED +CVE-2021-38834 + RESERVED +CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...) + NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS) +CVE-2021-38832 + RESERVED +CVE-2021-38831 + RESERVED +CVE-2021-38830 + RESERVED +CVE-2021-38829 + RESERVED +CVE-2021-38828 + RESERVED +CVE-2021-38827 + RESERVED +CVE-2021-38826 + RESERVED +CVE-2021-38825 + RESERVED +CVE-2021-38824 + RESERVED +CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...) + NOT-FOR-US: IceHrm +CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...) + NOT-FOR-US: IceHrm +CVE-2021-38821 + RESERVED +CVE-2021-38820 + RESERVED +CVE-2021-38819 + RESERVED +CVE-2021-38818 + RESERVED +CVE-2021-38817 + RESERVED +CVE-2021-38816 + RESERVED +CVE-2021-38815 + RESERVED +CVE-2021-38814 + RESERVED +CVE-2021-38813 + RESERVED +CVE-2021-38812 + RESERVED +CVE-2021-38811 + RESERVED +CVE-2021-38810 + RESERVED +CVE-2021-38809 + RESERVED +CVE-2021-38808 + RESERVED +CVE-2021-38807 + RESERVED +CVE-2021-38806 + RESERVED +CVE-2021-38805 + RESERVED +CVE-2021-38804 + RESERVED +CVE-2021-38803 + RESERVED +CVE-2021-38802 + RESERVED +CVE-2021-38801 + RESERVED +CVE-2021-38800 + RESERVED +CVE-2021-38799 + RESERVED +CVE-2021-38798 + RESERVED +CVE-2021-38797 + RESERVED +CVE-2021-38796 + RESERVED +CVE-2021-38795 + RESERVED +CVE-2021-38794 + RESERVED +CVE-2021-38793 + RESERVED +CVE-2021-38792 + RESERVED +CVE-2021-38791 + RESERVED +CVE-2021-38790 + RESERVED +CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...) 
+ NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38782 + RESERVED +CVE-2021-38781 + RESERVED +CVE-2021-38780 + RESERVED +CVE-2021-38779 + RESERVED +CVE-2021-38778 + RESERVED +CVE-2021-38777 + RESERVED +CVE-2021-38776 + RESERVED +CVE-2021-38775 + RESERVED +CVE-2021-38774 + RESERVED +CVE-2021-38773 + RESERVED +CVE-2021-38772 + RESERVED +CVE-2021-38771 + RESERVED +CVE-2021-38770 + RESERVED +CVE-2021-38769 + RESERVED +CVE-2021-38768 + RESERVED +CVE-2021-38767 + RESERVED +CVE-2021-38766 + RESERVED +CVE-2021-38765 + RESERVED +CVE-2021-38764 + RESERVED +CVE-2021-38763 + RESERVED +CVE-2021-38762 + RESERVED +CVE-2021-38761 + RESERVED +CVE-2021-38760 + RESERVED +CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...) + NOT-FOR-US: Raspberry Pi OS +CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...) + NOT-FOR-US: Directory traversal in Online Catering Reservation System +CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...) 
+ NOT-FOR-US: Hospital Management System +CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...) + NOT-FOR-US: Simple Image Gallery Web App +CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...) + NOT-FOR-US: Online Catering Reservation System +CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...) + NOT-FOR-US: ExponentCMS +CVE-2021-38750 + RESERVED +CVE-2021-38749 + RESERVED +CVE-2021-38748 + RESERVED +CVE-2021-38747 + RESERVED +CVE-2021-38746 + RESERVED +CVE-2021-38745 + RESERVED +CVE-2021-38744 + RESERVED +CVE-2021-38743 + RESERVED +CVE-2021-38742 + RESERVED +CVE-2021-38741 + RESERVED +CVE-2021-38740 + RESERVED +CVE-2021-38739 + RESERVED +CVE-2021-38738 + RESERVED +CVE-2021-38737 + RESERVED +CVE-2021-38736 + RESERVED +CVE-2021-38735 + RESERVED +CVE-2021-38734 + RESERVED +CVE-2021-38733 + RESERVED +CVE-2021-38732 + RESERVED +CVE-2021-38731 + RESERVED +CVE-2021-38730 + RESERVED +CVE-2021-38729 + RESERVED +CVE-2021-38728 + RESERVED +CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38726 + RESERVED +CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38724 + RESERVED +CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38722 + RESERVED +CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38720 + RESERVED +CVE-2021-38719 + RESERVED +CVE-2021-38718 + RESERVED +CVE-2021-38717 + RESERVED +CVE-2021-38716 + RESERVED +CVE-2021-38715 + RESERVED +CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...) 
+ {DLA-2775-1} + - plib 1.8.5-10 (bug #992973) + [bullseye] - plib 1.8.5-8+deb11u1 + [buster] - plib <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/plib/bugs/55/ +CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...) + NOT-FOR-US: imgURL +CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...) + NOT-FOR-US: OneNav +CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...) + NOT-FOR-US: Yclas +CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...) + NOT-FOR-US: ocProducts Composr CMS +CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...) + NOT-FOR-US: ocProducts Composr CMS +CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...) + NOT-FOR-US: Apport +CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...) + NOT-FOR-US: Apport +CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...) + - gitit <unfixed> (bug #992297) + [bullseye] - gitit <no-dsa> (Minor issue) + [buster] - gitit <no-dsa> (Minor issue) + [stretch] - gitit <no-dsa> (Minor issue) + NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8 +CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...) + NOT-FOR-US: ClinicCases +CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...) + NOT-FOR-US: ClinicCases +CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...) + NOT-FOR-US: ClinicCases +CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...) + NOT-FOR-US: ClinicCases +CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...) 
+ NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware +CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...) + NOT-FOR-US: D-Link +CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...) + NOT-FOR-US: D-Link +CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...) + NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices +CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...) + NOT-FOR-US: Motorola Solutions Avigilon devices +CVE-2021-38700 + RESERVED +CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...) + NOT-FOR-US: TastyIgniter +CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...) + - consul <unfixed> + [bullseye] - consul <no-dsa> (Minor issue) + [buster] - consul <no-dsa> (Minor issue) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 + NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) +CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38693 + RESERVED +CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) 
+ NOT-FOR-US: QNAP +CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...) + NOT-FOR-US: QNAP +CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...) + NOT-FOR-US: QNAP +CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38683 + RESERVED +CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...) + NOT-FOR-US: QNAP +CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...) + NOT-FOR-US: QNAP +CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38676 + RESERVED +CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...) + NOT-FOR-US: adminlte +CVE-2021-38673 + RESERVED +CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38670 + RESERVED +CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38668 + RESERVED +CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38665 (Remote Desktop Protocol Client Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38664 + RESERVED +CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-38650 (Microsoft Office Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) + NOT-FOR-US: Microsoft +CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) + NOT-FOR-US: Microsoft +CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) + NOT-FOR-US: Microsoft +CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38643 + RESERVED +CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38640 + RESERVED +CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...) + NOT-FOR-US: Microsoft +CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2021-38627 + RESERVED +CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...) + NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3 +CVE-2021-38622 + RESERVED +CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...) + NOT-FOR-US: Agora Flat Server +CVE-2021-38620 + RESERVED +CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) + NOT-FOR-US: openBaraza HCM +CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...) + NOT-FOR-US: GFOS Workforce Management +CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...) + NOT-FOR-US: Eigen +CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...) + NOT-FOR-US: Eigen +CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...) 
+ NOT-FOR-US: Eigen +CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...) + NOT-FOR-US: HP +CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...) + NOT-FOR-US: HP +CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...) + - polipo <removed> + [buster] - polipo <ignored> (Minor issue) + [stretch] - polipo <ignored> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2 +CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38610 + RESERVED +CVE-2021-38609 + RESERVED +CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...) + NOT-FOR-US: Tranquil WAPT Enterprise +CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...) + NOT-FOR-US: Crocoblock JetEngine +CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...) + NOT-FOR-US: reNgine +CVE-2021-38605 + RESERVED +CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...) + - glibc <not-affected> (Vulnerability introduced as side effect of the CVE-2021-33574 fix) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 +CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...) 
+ - pluxml <unfixed> + [buster] - pluxml <ignored> (Minor issue) + [stretch] - pluxml <no-dsa> (Minor issue) +CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...) + - pluxml <unfixed> + [buster] - pluxml <ignored> (Minor issue) + [stretch] - pluxml <no-dsa> (Minor issue) +CVE-2021-38601 + RESERVED +CVE-2021-38600 + RESERVED +CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...) + NOT-FOR-US: WAL-G +CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...) + - neutron 2:18.1.0-2 + [bullseye] - neutron 2:17.2.1-0+deb11u1 + [buster] - neutron <ignored> (Minor issue, not backported to rocky branch) + [stretch] - neutron <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4 + NOTE: https://launchpad.net/bugs/1938670 + NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/ +CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...) + - wolfssl 5.0.0-1 (bug #992174) + [bullseye] - wolfssl <no-dsa> (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093 +CVE-2021-38596 + RESERVED +CVE-2021-38595 + RESERVED +CVE-2021-38594 + RESERVED +CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...) 
+ - qtbase-opensource-src <not-affected> (Vulnerable code introduced later) + - qtbase-opensource-src-gles <not-affected> (Vulnerable code introduced later) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml + NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1) + NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2) + NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev) + NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0) +CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...) + NOT-FOR-US: Wasm3 +CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...) + NOT-FOR-US: LG mobile devices +CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...) + NOT-FOR-US: cPanel +CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...) + NOT-FOR-US: cPanel +CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...) + NOT-FOR-US: cPanel +CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...) + NOT-FOR-US: cPanel +CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...) + NOT-FOR-US: cPanel +CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...) + NOT-FOR-US: cPanel +CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...) + NOT-FOR-US: cPanel +CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) 
+ NOT-FOR-US: openBaraza HCM +CVE-2021-38582 + RESERVED +CVE-2021-38581 + RESERVED +CVE-2021-38580 + RESERVED +CVE-2021-38579 + RESERVED +CVE-2021-38578 + RESERVED +CVE-2021-38577 + RESERVED +CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...) + - edk2 <undetermined> + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private) +CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...) + - edk2 2021.08-1 + [bullseye] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <no-dsa> (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 + NOTE: https://edk2.groups.io/g/devel/message/76198 + NOTE: https://github.com/tianocore/edk2/pull/1698 +CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...) + NOT-FOR-US: Foxit +CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) 
+ NOT-FOR-US: Foxit +CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-3703 + RESERVED + NOT-FOR-US: Red Hat Serverless +CVE-2021-3702 + RESERVED + - ansible-runner <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4 + NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253 +CVE-2021-3701 + RESERVED + - ansible-runner 2.1.1-1 + NOTE: https://github.com/ansible/ansible-runner/issues/738 + NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89 +CVE-2021-3700 + RESERVED + - usbredir 0.11.0-1 + [bullseye] - usbredir <no-dsa> (Minor issue) + [buster] - usbredir <no-dsa> (Minor issue) + NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0) +CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...) + - request-tracker5 <unfixed> (bug #995167) + - request-tracker4 4.4.4+dfsg-3 (bug #995175) + [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1 + [buster] - request-tracker4 4.4.3-2+deb10u1 + [stretch] - request-tracker4 <no-dsa> (Minor issue) + NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2) + NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5) + NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17) +CVE-2021-38561 + RESERVED +CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...) + NOT-FOR-US: Ivanti +CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...) 
+ - hoteldruid 3.0.3-1 + [bullseye] - hoteldruid <no-dsa> (Minor issue) + [buster] - hoteldruid <no-dsa> (Minor issue) + [stretch] - hoteldruid <no-dsa> (Minor issue) +CVE-2021-38558 + RESERVED +CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...) + NOT-FOR-US: RaspAP +CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...) + NOT-FOR-US: RaspAP +CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...) + NOT-FOR-US: Apache Any23 +CVE-2021-38554 (HashiCorp Vault and Vault Enterprise’s UI erroneously cached and ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-38552 + RESERVED +CVE-2021-38551 + RESERVED +CVE-2021-38550 + RESERVED +CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...) + NOT-FOR-US: MIRACASE MHUB500 USB splitters +CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...) + NOT-FOR-US: JBL Go 2 devices +CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...) + NOT-FOR-US: Logitech +CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...) + NOT-FOR-US: CREATIVE Pebble devices +CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...) + NOT-FOR-US: Raspberry Pi hardware +CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...) + NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices +CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...) + NOT-FOR-US: TP-Link +CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...) 
+ NOT-FOR-US: Apache James +CVE-2021-38541 + RESERVED +CVE-2021-3699 + RESERVED +CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...) + - rust-tar 0.4.37-1 (bug #992173) + [bullseye] - rust-tar <no-dsa> (Minor issue) + [buster] - rust-tar <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html + NOTE: https://github.com/alexcrichton/tar-rs/issues/238 +CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...) + - airflow <itp> (bug #819700) +CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + NOT-FOR-US: Netgear +CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + NOT-FOR-US: Netgear +CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) + NOT-FOR-US: Netgear +CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) + NOT-FOR-US: Netgear +CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...) + NOT-FOR-US: Netgear +CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...) + NOT-FOR-US: Netgear +CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...) 
+ NOT-FOR-US: Netgear +CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...) + NOT-FOR-US: Netgear +CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...) + NOT-FOR-US: Netgear +CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...) + NOT-FOR-US: Rust crate actix-http +CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...) 
+ - firefox <not-affected> (Only affects Mac OSX) + - firefox-esr <not-affected> (Only affects Mac OSX) + - thunderbird <not-affected> (Only affects Mac OSX) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510 +CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509 +CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508 +CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507 +CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506 +CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...) + - firefox <not-affected> (Only affects Windows) + - firefox-esr <not-affected> (Only affects Windows) + - thunderbird <not-affected> (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505 +CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504 +CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503 +CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...) 
+ {DSA-5034-1 DLA-2874-1} + [experimental] - thunderbird 1:91.2.0-1 + - thunderbird 1:91.2.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502 +CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) + - firefox 93.0-1 + - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) + - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501 +CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...) + {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1} + - firefox 93.0-1 + - firefox-esr 91.2.0esr-1 + [experimental] - thunderbird 1:91.2.0-1 + - thunderbird 1:91.2.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500 +CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...) + - firefox 93.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499 +CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...) 
+ - firefox 93.0-1 + - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) + - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498 +CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...) + - firefox 93.0-1 + - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) + - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497 +CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...) + {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1} + - firefox 93.0-1 + - firefox-esr 91.2.0esr-1 + [experimental] - thunderbird 1:91.2.0-1 + - thunderbird 1:91.2.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496 +CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...) 
+ - thunderbird <not-affected> (Vulnerable code introduced later) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495 +CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...) + - firefox 92.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494 +CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...) + {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1} + - firefox 92.0-1 + - firefox-esr 78.14.0esr-1 + - thunderbird 1:78.14.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493 +CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...) + - firefox <not-affected> (Only affects Windows) + - firefox-esr <not-affected> (Only affects Windows) + - thunderbird <not-affected> (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492 +CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...) + - firefox 92.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491 +CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...) + NOT-FOR-US: Altova MobileTogether Server +CVE-2021-38489 + RESERVED +CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38487 + RESERVED +CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...) 
+ NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...) + NOT-FOR-US: Emerson +CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38483 + RESERVED +CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...) + NOT-FOR-US: AUVESY +CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...) + NOT-FOR-US: AUVESY +CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...) + NOT-FOR-US: AUVESY +CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38475 (The database connection to the server is performed by calling a specif ...) + NOT-FOR-US: AUVESY +CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38473 (The affected product’s code base doesn’t properly control ...) + NOT-FOR-US: AUVESY +CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...) + NOT-FOR-US: AUVESY +CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) 
+ NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38469 (Many of the services used by the affected product do not specify full ...) + NOT-FOR-US: AUVESY +CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...) + NOT-FOR-US: AUVESY +CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...) + NOT-FOR-US: AUVESY +CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38463 (The affected product does not properly control the allocation of resou ...) + NOT-FOR-US: AUVESY +CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...) + NOT-FOR-US: InHand Networks IR615 Router +CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...) + NOT-FOR-US: AUVESY +CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + NOT-FOR-US: Moxa +CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...) + NOT-FOR-US: AUVESY +CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + NOT-FOR-US: Moxa +CVE-2021-38457 (The server permits communication without any authentication procedure, ...) + NOT-FOR-US: AUVESY +CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...) + NOT-FOR-US: Moxa +CVE-2021-38455 (The affected product’s OS Service does not verify any given para ...) + NOT-FOR-US: AUVESY +CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...) 
+ NOT-FOR-US: Moxa +CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...) + NOT-FOR-US: AUVESY +CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...) + NOT-FOR-US: Moxa +CVE-2021-38451 (The affected product’s proprietary protocol CSC allows for calli ...) + NOT-FOR-US: AUVESY +CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...) + NOT-FOR-US: Trane +CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...) + NOT-FOR-US: AUVESY +CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...) + NOT-FOR-US: Trane +CVE-2021-38447 + RESERVED +CVE-2021-38446 + RESERVED +CVE-2021-38445 + RESERVED +CVE-2021-38444 + RESERVED +CVE-2021-38443 + RESERVED +CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38441 + RESERVED +CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38439 + RESERVED +CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38437 + RESERVED +CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38435 + RESERVED +CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38433 + RESERVED +CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...) + NOT-FOR-US: FATEK Automation Communication Server +CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...) + NOT-FOR-US: Advantech +CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...) 
+ NOT-FOR-US: FATEK Automation +CVE-2021-38429 + RESERVED +CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38427 + RESERVED +CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...) + NOT-FOR-US: FATEK Automation +CVE-2021-38425 + RESERVED +CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38423 + RESERVED +CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) + NOT-FOR-US: Fuji Electric +CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) + NOT-FOR-US: Fuji Electric +CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38417 + RESERVED +CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) + NOT-FOR-US: Fuji Electric +CVE-2021-38414 + RESERVED +CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) + NOT-FOR-US: Fuji Electric +CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...) + NOT-FOR-US: Digi PortServer TS +CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38410 + RESERVED +CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) 
+ NOT-FOR-US: Fuji Electric +CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...) + NOT-FOR-US: Advantech WebAccess +CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + NOT-FOR-US: Delta Electronic +CVE-2021-38405 + RESERVED +CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + NOT-FOR-US: Delta Electronic +CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics DIALink +CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...) + NOT-FOR-US: Delta Electronic +CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...) + NOT-FOR-US: Fuji Electric +CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...) + NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120 +CVE-2021-38399 + RESERVED +CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...) + NOT-FOR-US: Boston Scientific +CVE-2021-38397 + RESERVED +CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...) + NOT-FOR-US: Boston Scientific +CVE-2021-38395 + RESERVED +CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...) + NOT-FOR-US: Boston Scientific +CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) + NOT-FOR-US: Delta Electronics +CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...) + NOT-FOR-US: Boston Scientific +CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) + NOT-FOR-US: Delta Electronics +CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...) + NOT-FOR-US: Advantech WebAccess +CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...) + NOT-FOR-US: Central Dogma +CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...) + NOT-FOR-US: Contiki +CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...) + NOT-FOR-US: Contiki +CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...) + {DSA-4961-1} + - tor 0.4.5.10-1 + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2062 + NOTE: https://bugs.torproject.org/tpo/core/tor/40078 +CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...) + NOT-FOR-US: Serverless Offline +CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...) + NOT-FOR-US: OwnTone +CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...) + - liblivemedia <removed> + [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <no-dsa> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html + NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06] +CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...) + - liblivemedia <removed> + [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <no-dsa> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html + NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09] +CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...) 
+ - liblivemedia <removed> + [buster] - liblivemedia <ignored> (Minor issue) + [stretch] - liblivemedia <no-dsa> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html + NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04] +CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...) + NOT-FOR-US: CFEngine Enterprise +CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...) + NOT-FOR-US: OX App Suite +CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...) + NOT-FOR-US: OX App Suite +CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...) + NOT-FOR-US: OX App Suite +CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...) + NOT-FOR-US: OX App Suite +CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...) + NOT-FOR-US: OX App Suite +CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...) + - kmail <unfixed> + [bullseye] - kmail <no-dsa> (Minor issue) + [buster] - kmail <no-dsa> (Minor issue) + NOTE: https://bugs.kde.org/show_bug.cgi?id=423423 + NOTE: https://nostarttls.secvuln.info +CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...) + - trojita <itp> (bug #795701) +CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...) + - exim4 <unfixed> (bug #992172) + [bullseye] - exim4 <no-dsa> (Minor issue) + [buster] - exim4 <no-dsa> (Minor issue) + [stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream) + NOTE: https://nostarttls.secvuln.info + NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt +CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...) 
+ - alpine 2.25+dfsg1-1 (bug #992171) + [bullseye] - alpine <no-dsa> (Minor issue) + [buster] - alpine <no-dsa> (Minor issue) + [stretch] - alpine <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://nostarttls.secvuln.info +CVE-2021-38369 + RESERVED +CVE-2021-38368 + RESERVED +CVE-2021-38367 + RESERVED +CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...) + NOT-FOR-US: Sitecore +CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...) + NOT-FOR-US: Winner (aka ToneWinner) desktop speakers +CVE-2021-3698 [authenticates with revoked certificates] + RESERVED + - cockpit 260-1 + [bullseye] - cockpit <no-dsa> (Minor issue) + [buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149 + NOTE: Needs sssd 2.6.1 + NOTE: https://cockpit-project.org/blog/cockpit-260.html +CVE-2021-3697 + RESERVED +CVE-2021-3696 + RESERVED +CVE-2021-3695 + RESERVED +CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...) + - opensysusers 0.6-3 (bug #992058) + [bullseye] - opensysusers <no-dsa> (Minor issue; if fixed upstream address via point release) +CVE-2021-38364 + RESERVED +CVE-2021-38363 + RESERVED +CVE-2021-38362 + RESERVED +CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPess plugin +CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress pl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38352 (The Feedify – Web Push Notifications WordPress plugin is vulnera ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Refl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable t ...) + NOT-FOR-US: WordPress plugin +CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...) + NOT-FOR-US: Gutenberg Template Library +CVE-2021-38313 + RESERVED +CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2. ...) + NOT-FOR-US: Gutenberg Template Library +CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...) + NOT-FOR-US: Contiki +CVE-2021-38310 + RESERVED +CVE-2021-38309 + RESERVED +CVE-2021-38308 + RESERVED +CVE-2021-38307 + RESERVED +CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...) + NOT-FOR-US: LG +CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...) 
+ NOT-FOR-US: 23andMe Yamale +CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...) + NOT-FOR-US: National Instruments NI-PAL driver +CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...) + NOT-FOR-US: Sureline SUREedge Migrator +CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...) + NOT-FOR-US: Newsletter extension for TYPO3 +CVE-2021-38301 + RESERVED +CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [stretch] - linux <ignored> (mips not supported in LTS) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5 + NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/ +CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...) + NOT-FOR-US: FIDO2/Webauthn Support for PHP +CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...) + - golang-1.17 1.17.2-1 + - golang-1.16 1.16.9-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <not-affected> (Vulnerable code not present) + - golang-1.7 <not-affected> (Vulnerable code not present) + NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4 + NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A + NOTE: https://github.com/golang/go/issues/48797 +CVE-2021-38296 + RESERVED +CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...) + - couchdb <removed> +CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...) 
+ {DSA-4962-1} + - ledgersmb 1.6.9+ds-2.1 (bug #992817) + NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting +CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...) + {DSA-4962-1} + - ledgersmb 1.6.9+ds-2.1 (bug #992817) + NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting +CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) + - yii <itp> (bug #597899) +CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...) + NOT-FOR-US: Apache Storm +CVE-2021-38293 + RESERVED +CVE-2021-38292 + RESERVED +CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...) + {DSA-4998-1 DSA-4990-1 DLA-2818-1} + - ffmpeg 7:4.4.1-1 (unimportant) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1 + NOTE: https://trac.ffmpeg.org/ticket/9312 + NOTE: Negligible security impact +CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38289 + RESERVED +CVE-2021-38288 + RESERVED +CVE-2021-38287 + RESERVED +CVE-2021-38286 + RESERVED +CVE-2021-38285 + RESERVED +CVE-2021-38284 + RESERVED +CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...) 
+ NOT-FOR-US: Wipro Holmes Orchestrator +CVE-2021-38282 + RESERVED +CVE-2021-38281 + RESERVED +CVE-2021-38280 + RESERVED +CVE-2021-38279 + RESERVED +CVE-2021-38278 + RESERVED +CVE-2021-38277 + RESERVED +CVE-2021-38276 + RESERVED +CVE-2021-38275 + RESERVED +CVE-2021-38274 + RESERVED +CVE-2021-38273 + RESERVED +CVE-2021-38272 + RESERVED +CVE-2021-38271 + RESERVED +CVE-2021-38270 + RESERVED +CVE-2021-38269 + RESERVED +CVE-2021-38268 + RESERVED +CVE-2021-38267 + RESERVED +CVE-2021-38266 + RESERVED +CVE-2021-38265 + RESERVED +CVE-2021-38264 + RESERVED +CVE-2021-38263 + RESERVED +CVE-2021-38262 + RESERVED +CVE-2021-38261 + RESERVED +CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...) + NOT-FOR-US: NXP MCUXpresso SDK +CVE-2021-38259 + RESERVED +CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...) + NOT-FOR-US: NXP MCUXpresso SDK +CVE-2021-38257 + RESERVED +CVE-2021-38256 + RESERVED +CVE-2021-38255 + RESERVED +CVE-2021-38254 + RESERVED +CVE-2021-38253 + RESERVED +CVE-2021-38252 + RESERVED +CVE-2021-38251 + RESERVED +CVE-2021-38250 + RESERVED +CVE-2021-38249 + RESERVED +CVE-2021-38248 + RESERVED +CVE-2021-38247 + RESERVED +CVE-2021-38246 + RESERVED +CVE-2021-38245 + RESERVED +CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...) 
+ NOT-FOR-US: cbioportal +CVE-2021-38243 + RESERVED +CVE-2021-38242 + RESERVED +CVE-2021-38241 + RESERVED +CVE-2021-38240 + RESERVED +CVE-2021-38239 + RESERVED +CVE-2021-38238 + RESERVED +CVE-2021-38237 + RESERVED +CVE-2021-38236 + RESERVED +CVE-2021-38235 + RESERVED +CVE-2021-38234 + RESERVED +CVE-2021-38233 + RESERVED +CVE-2021-38232 + RESERVED +CVE-2021-38231 + RESERVED +CVE-2021-38230 + RESERVED +CVE-2021-38229 + RESERVED +CVE-2021-38228 + RESERVED +CVE-2021-38227 + RESERVED +CVE-2021-38226 + RESERVED +CVE-2021-38225 + RESERVED +CVE-2021-38224 + RESERVED +CVE-2021-38223 + RESERVED +CVE-2021-38222 + RESERVED +CVE-2021-38221 + RESERVED +CVE-2021-38220 + RESERVED +CVE-2021-38219 + RESERVED +CVE-2021-38218 + RESERVED +CVE-2021-38217 + RESERVED +CVE-2021-38216 + RESERVED +CVE-2021-38215 + RESERVED +CVE-2021-38214 + RESERVED +CVE-2021-38213 + RESERVED +CVE-2021-38212 + RESERVED +CVE-2021-38211 + RESERVED +CVE-2021-38210 + RESERVED +CVE-2021-3691 + RESERVED +CVE-2021-3690 [buffer leak on incoming websocket PONG message may lead to DoS] + RESERVED + - undertow 2.2.10-1 + NOTE: https://issues.redhat.com/browse/UNDERTOW-1935 +CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...) + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6 +CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba +CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...) 
+ - linux 5.10.46-1 + [buster] - linux <ignored> (Not applicable to any release architecture) + [stretch] - linux <ignored> (Not applicable to any release architecture) + NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d +CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...) + - linux 5.10.46-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48 +CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37 +CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 (unimportant) + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b +CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...) + - linux 5.14.6-1 + [bullseye] - linux <not-affected> (Vulnerability introduced later) + [buster] - linux <not-affected> (Vulnerability introduced later) + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 +CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...) + - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6 +CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...) 
+ - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c +CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...) + - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc +CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c +CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7 +CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...) + NOT-FOR-US: Go unarr +CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...) + NOT-FOR-US: Rust crate better macto +CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...) + NOT-FOR-US: Rust crate libsecp256k1 +CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...) + NOT-FOR-US: Rust crate ark-r1cs-std +CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...) + NOT-FOR-US: Rust crate prost-types +CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...) + NOT-FOR-US: Rust crate nalgebra +CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...) + NOT-FOR-US: Rust crate lettre +CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...) + NOT-FOR-US: Rust crate iced-x86 +CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...) 
+ - rust-anymap <unfixed> (bug #992046) + [bullseye] - rust-anymap <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html +CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...) + NOT-FOR-US: Rust crate comrak +CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...) + - cpio 2.13+dfsg-5 (bug #992045) + [bullseye] - cpio <no-dsa> (Minor issue) + [buster] - cpio <no-dsa> (Minor issue) + [stretch] - cpio <no-dsa> (Minor issue) + NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b + NOTE: https://github.com/fangqyi/cpiopwn + NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html + NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html + NOTE: Regression: https://bugs.debian.org/992098 + NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8 + NOTE: Regression #2: https://bugs.debian.org/992192 + NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1 +CVE-2021-38184 + RESERVED +CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...) + NOT-FOR-US: SAP +CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...) + NOT-FOR-US: Kyma +CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...) + NOT-FOR-US: SAP +CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...) + NOT-FOR-US: SAP +CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...) + NOT-FOR-US: SAP +CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...) + NOT-FOR-US: SAP +CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...) 
+ NOT-FOR-US: SAP +CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...) + NOT-FOR-US: SAP +CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...) + NOT-FOR-US: SAP +CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...) + NOT-FOR-US: SAP +CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...) + - yii <itp> (bug #597899) +CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...) + {DLA-2755-1} + - btrbk 0.27.1-2 + [bullseye] - btrbk 0.27.1-1.1+deb11u1 + [buster] - btrbk 0.27.1-1+deb10u1 + NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2) + NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1) +CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...) + NOT-FOR-US: perM +CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) + {DSA-4998-1 DSA-4990-1 DLA-2818-1} + - ffmpeg 7:4.4.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 +CVE-2021-38170 + RESERVED +CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...) + NOT-FOR-US: Roxy-WI +CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...) + NOT-FOR-US: Roxy-WI +CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...) + NOT-FOR-US: Roxy-WI +CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...) + NOT-FOR-US: SAP +CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...) + NOT-FOR-US: SAP +CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...) 
+ NOT-FOR-US: SAP +CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...) + - trafficserver 9.1.0+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: Mark first 9.x version as the fixed version as workaround, the issue does + NOTE: not affect the 9.x series. + NOTE: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 (8.1.x) + NOTE: but reverted pot 8.1.3 in https://github.com/apache/trafficserver/commit/bbbf80d75105313b51153c7fde0bf0edc8cf7783 +CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...) + {DSA-4978-1} + - linux 5.14.6-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) +CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2021-38158 + RESERVED +CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...) + NOT-FOR-US: LeoStream Connection Broker +CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...) + NOT-FOR-US: Nagios XI +CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...) + - keystone 2:19.0.0-3 (bug #992070) + [bullseye] - keystone 2:18.0.0-3+deb11u1 + [buster] - keystone <no-dsa> (Minor issue) + [stretch] - keystone <end-of-life> (Keystone not supported in stretch) + NOTE: https://launchpad.net/bugs/1688137 +CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...) 
+ {DSA-4953-1 DLA-2736-1} + [experimental] - lynx 2.9.0dev.9-1 + - lynx 2.9.0dev.6-3 (bug #991971) + [bullseye] - lynx 2.9.0dev.6-3~deb11u1 + NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html + NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9 + NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz +CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46 +CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...) + NOT-FOR-US: Canon +CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...) + - kafka <itp> (bug #786460) +CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...) + NOT-FOR-US: Chikitsa Patient Management System +CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...) + NOT-FOR-US: Chikitsa Patient Management System +CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...) + NOT-FOR-US: SAP +CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...) + NOT-FOR-US: Chikitsa Patient Management System +CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...) + NOT-FOR-US: Obsidian +CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...) + NOT-FOR-US: Wipro Holmes Orchestrator +CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...) + NOT-FOR-US: Wipro Holmes Orchestrator +CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...) + NOT-FOR-US: Form Tools +CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...) 
+ NOT-FOR-US: Form Tools +CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...) + NOT-FOR-US: Form Tools +CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...) + NOT-FOR-US: Barco MirrorOp Windows Sender +CVE-2021-38141 + RESERVED +CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...) + NOT-FOR-US: set_user extension for Postgres +CVE-2021-38139 + RESERVED +CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...) + NOT-FOR-US: OneNav +CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...) + NOT-FOR-US: Corero SecureWatch Managed Services +CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...) + NOT-FOR-US: Corero SecureWatch Managed Services +CVE-2021-3688 + RESERVED + NOT-FOR-US: Red Hat JBoss Core Services HTTP Server +CVE-2021-38135 + RESERVED +CVE-2021-38134 + RESERVED +CVE-2021-38133 + RESERVED +CVE-2021-38132 + RESERVED +CVE-2021-38131 + RESERVED +CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...) + NOT-FOR-US: Micro Focus +CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...) + NOT-FOR-US: Micro Focus +CVE-2021-38128 + RESERVED +CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2021-38125 + RESERVED +CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...) + NOT-FOR-US: Micro Focus +CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...) 
+ NOT-FOR-US: Micro Focus +CVE-2021-38122 + RESERVED +CVE-2021-38121 + RESERVED +CVE-2021-38120 + RESERVED +CVE-2021-38119 + RESERVED +CVE-2021-38118 + RESERVED +CVE-2021-38117 + RESERVED +CVE-2021-38116 + RESERVED +CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) + - libgd2 <unfixed> (bug #991912) + [bullseye] - libgd2 <no-dsa> (Minor issue) + [buster] - libgd2 <no-dsa> (Minor issue) + [stretch] - libgd2 <no-dsa> (Minor issue) + NOTE: https://github.com/libgd/libgd/issues/697 + NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 +CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) + {DSA-4998-1 DSA-4990-1 DLA-2742-1} + - ffmpeg 7:4.4.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 +CVE-2021-3687 + RESERVED +CVE-2021-3686 + RESERVED +CVE-2021-3685 + RESERVED +CVE-2021-3684 + RESERVED +CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) + NOT-FOR-US: ShowDoc +CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...) + NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif) +CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...) + NOT-FOR-US: Amazon AWS client for Windows +CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...) + NOT-FOR-US: DEF CON 27 badge +CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) + NOT-FOR-US: Corel WordPerfect +CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...) + NOT-FOR-US: Corel DrawStandard +CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) + NOT-FOR-US: Corel WordPerfect +CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...) 
+ NOT-FOR-US: Corel DrawStandard +CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...) + NOT-FOR-US: Planview Spigit +CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...) 
+ - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg <not-affected> (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 + NOTE: Negligible security impact +CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg <not-affected> (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 + NOTE: Negligible security impact +CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg <not-affected> (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg <not-affected> (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg <not-affected> (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38089 + REJECTED +CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...) 
+ {DSA-4980-1 DLA-2753-1} + - qemu 1:6.0+dfsg-3 (bug #991911) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2) +CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...) + NOT-FOR-US: Canon +CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...) + - courier <unfixed> (bug #989375) + [bullseye] - courier <no-dsa> (Minor issue) + [buster] - courier <no-dsa> (Minor issue) + [stretch] - courier <postponed> (Minor issue, include in next update) + NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 + NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/ + NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5) +CVE-2021-38083 + RESERVED +CVE-2021-38082 + RESERVED +CVE-2021-38081 + RESERVED +CVE-2021-38080 + RESERVED +CVE-2021-38079 + RESERVED +CVE-2021-38078 + RESERVED +CVE-2021-38077 + RESERVED +CVE-2021-38076 + RESERVED +CVE-2021-38075 + RESERVED +CVE-2021-38074 + RESERVED +CVE-2021-38073 + RESERVED +CVE-2021-38072 + RESERVED +CVE-2021-38071 + RESERVED +CVE-2021-38070 + RESERVED +CVE-2021-38069 + RESERVED +CVE-2021-38068 + RESERVED +CVE-2021-38067 + RESERVED +CVE-2021-38066 + RESERVED +CVE-2021-38065 + RESERVED 
+CVE-2021-38064 + RESERVED +CVE-2021-38063 + RESERVED +CVE-2021-38062 + RESERVED +CVE-2021-38061 + RESERVED +CVE-2021-38060 + RESERVED +CVE-2021-38059 + RESERVED +CVE-2021-38058 + RESERVED +CVE-2021-38057 + RESERVED +CVE-2021-38056 + RESERVED +CVE-2021-38055 + RESERVED +CVE-2021-38054 + RESERVED +CVE-2021-38053 + RESERVED +CVE-2021-38052 + RESERVED +CVE-2021-38051 + RESERVED +CVE-2021-38050 + RESERVED +CVE-2021-38049 + RESERVED +CVE-2021-38048 + RESERVED +CVE-2021-38047 + RESERVED +CVE-2021-38046 + RESERVED +CVE-2021-38045 + RESERVED +CVE-2021-38044 + RESERVED +CVE-2021-38043 + RESERVED +CVE-2021-38042 + RESERVED +CVE-2021-38041 + RESERVED +CVE-2021-38040 + RESERVED +CVE-2021-38039 + RESERVED +CVE-2021-38038 + RESERVED +CVE-2021-38037 + RESERVED +CVE-2021-38036 + RESERVED +CVE-2021-38035 + RESERVED +CVE-2021-38034 + RESERVED +CVE-2021-38033 + RESERVED +CVE-2021-38032 + RESERVED +CVE-2021-38031 + RESERVED +CVE-2021-38030 + RESERVED +CVE-2021-38029 + RESERVED +CVE-2021-38028 + RESERVED +CVE-2021-38027 + RESERVED +CVE-2021-38026 + RESERVED +CVE-2021-38025 + RESERVED +CVE-2021-38024 + RESERVED +CVE-2021-38023 + RESERVED +CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37960 + REJECTED +CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-37955 + RESERVED +CVE-2021-37954 + RESERVED +CVE-2021-37953 + RESERVED +CVE-2021-37952 + RESERVED +CVE-2021-37951 + RESERVED +CVE-2021-37950 + RESERVED +CVE-2021-37949 + RESERVED +CVE-2021-37948 + RESERVED +CVE-2021-37947 + RESERVED +CVE-2021-37946 + RESERVED +CVE-2021-37945 + RESERVED +CVE-2021-37944 + RESERVED +CVE-2021-37943 + RESERVED +CVE-2021-37942 + RESERVED +CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...) + NOT-FOR-US: Elastic APM Java agent +CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...) + NOT-FOR-US: Workplace Search GHES integration +CVE-2021-37939 (It was discovered that Kibana’s JIRA connector & IBM Resilie ...) + NOT-FOR-US: IBM +CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...) + - kibana <itp> (bug #700337) +CVE-2021-37937 + RESERVED +CVE-2021-37936 + RESERVED +CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37932 + RESERVED +CVE-2021-3681 + RESERVED + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407 + TODO: check, needs verifying the affected ansible/ansible-base components +CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...) + NOT-FOR-US: ShowDoc +CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...) 
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a +CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) + NOT-FOR-US: ShowDoc +CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...) + NOT-FOR-US: Zoho ManageEngine ADManager Plus +CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...) + NOT-FOR-US: Zoho ManageEngine ADManager Plus +CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37917 + RESERVED +CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...) + NOT-FOR-US: Joplin +CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...) + NOT-FOR-US: Grandstream +CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...) + NOT-FOR-US: Argo Workflows +CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...) + NOT-FOR-US: HGiga OAKlouds mobile portal +CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...) + NOT-FOR-US: HGiga OAKlouds mobile portal +CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...) + NOT-FOR-US: BenQ smart wireless conference projector +CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...) + NOT-FOR-US: ASUS routers +CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...) 
+ NOT-FOR-US: TSSServiSignAdapter Windows +CVE-2021-37908 + RESERVED +CVE-2021-37907 + RESERVED +CVE-2021-37906 + RESERVED +CVE-2021-37905 + RESERVED +CVE-2021-37904 + RESERVED +CVE-2021-37903 + RESERVED +CVE-2021-37902 + RESERVED +CVE-2021-37901 + RESERVED +CVE-2021-37900 + RESERVED +CVE-2021-37899 + RESERVED +CVE-2021-37898 + RESERVED +CVE-2021-37897 + RESERVED +CVE-2021-37896 + RESERVED +CVE-2021-37895 + RESERVED +CVE-2021-37894 + RESERVED +CVE-2021-37893 + RESERVED +CVE-2021-37892 + RESERVED +CVE-2021-37891 + RESERVED +CVE-2021-37890 + RESERVED +CVE-2021-37889 + RESERVED +CVE-2021-37888 + RESERVED +CVE-2021-37887 + RESERVED +CVE-2021-37886 + RESERVED +CVE-2021-37885 + RESERVED +CVE-2021-37884 + RESERVED +CVE-2021-37883 + RESERVED +CVE-2021-37882 + RESERVED +CVE-2021-37881 + RESERVED +CVE-2021-37880 + RESERVED +CVE-2021-37879 + RESERVED +CVE-2021-37878 + RESERVED +CVE-2021-37877 + RESERVED +CVE-2021-37876 + RESERVED +CVE-2021-37875 + RESERVED +CVE-2021-37874 + RESERVED +CVE-2021-37873 + RESERVED +CVE-2021-37872 + RESERVED +CVE-2021-37871 + RESERVED +CVE-2021-37870 + RESERVED +CVE-2021-37869 + RESERVED +CVE-2021-37868 + RESERVED +CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) + NOT-FOR-US: Mattermost Boards plugin +CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) + NOT-FOR-US: Mattermost Boards plugin +CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) + - mattermost-server <itp> (bug #823556) + NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081) +CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) + - mattermost-server <itp> (bug #823556) + NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076) +CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...) 
+ - mattermost-server <itp> (bug #823556) + NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075) +CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...) + - mattermost-server <itp> (bug #823556) + NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074) +CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...) + - mattermost-server <itp> (bug #823556) +CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...) + - mattermost-server <itp> (bug #823556) +CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...) + - mattermost-server <itp> (bug #823556) +CVE-2021-37858 + REJECTED +CVE-2021-37857 + REJECTED +CVE-2021-37856 + REJECTED +CVE-2021-37855 + REJECTED +CVE-2021-37854 + REJECTED +CVE-2021-37853 + REJECTED +CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...) + NOT-FOR-US: ESET +CVE-2021-37851 + RESERVED +CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...) + NOT-FOR-US: ESET +CVE-2021-37849 + RESERVED +CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...) + NOT-FOR-US: Pengutronix Barebox +CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...) 
+ NOT-FOR-US: Pengutronix Barebox +CVE-2021-37846 + RESERVED +CVE-2021-37845 + RESERVED + - citadel <removed> + [buster] - citadel <ignored> (Minor issue) + [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream) + NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 + NOTE: https://nostarttls.secvuln.info/ + NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes +CVE-2021-37844 + RESERVED +CVE-2021-3677 [Memory disclosure in certain queries] + RESERVED + - postgresql-13 13.4-1 + [bullseye] - postgresql-13 13.4-0+deb11u1 + - postgresql-11 <removed> + [buster] - postgresql-11 11.13-0+deb10u1 + NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/ +CVE-2021-3676 + RESERVED +CVE-2021-3675 + RESERVED +CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...) + NOT-FOR-US: resolution SAML SSO apps for Atlassian products +CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...) + NOT-FOR-US: Couchbase Server +CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...) + NOT-FOR-US: Docker Desktop on Windows +CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...) + NOT-FOR-US: aaPanel +CVE-2021-37839 + RESERVED +CVE-2021-3674 + RESERVED +CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/issues/18923 + NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d +CVE-2021-37838 + RESERVED +CVE-2021-37837 + RESERVED +CVE-2021-37836 + RESERVED +CVE-2021-37835 + RESERVED +CVE-2021-37834 + RESERVED +CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...) 
+ - hoteldruid 3.0.3-1 (bug #991910) + [bullseye] - hoteldruid <no-dsa> (Minor issue) + [buster] - hoteldruid <no-dsa> (Minor issue) + [stretch] - hoteldruid <no-dsa> (Minor issue) + NOTE: https://github.com/dievus/CVE-2021-37833 +CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...) + - hoteldruid 3.0.3-1 (bug #991910) + [bullseye] - hoteldruid <no-dsa> (Minor issue) + [buster] - hoteldruid <no-dsa> (Minor issue) + [stretch] - hoteldruid <no-dsa> (Minor issue) + NOTE: https://github.com/dievus/CVE-2021-37832 +CVE-2021-37831 + RESERVED +CVE-2021-37830 + RESERVED +CVE-2021-37829 + RESERVED +CVE-2021-37828 + RESERVED +CVE-2021-37827 + RESERVED +CVE-2021-37826 + RESERVED +CVE-2021-37825 + RESERVED +CVE-2021-37824 + RESERVED +CVE-2021-37823 + RESERVED +CVE-2021-37822 + RESERVED +CVE-2021-37821 + RESERVED +CVE-2021-37820 + RESERVED +CVE-2021-37819 + RESERVED +CVE-2021-37818 + RESERVED +CVE-2021-37817 + RESERVED +CVE-2021-37816 + RESERVED +CVE-2021-37815 + RESERVED +CVE-2021-37814 + RESERVED +CVE-2021-37813 + RESERVED +CVE-2021-37812 + RESERVED +CVE-2021-37811 + RESERVED +CVE-2021-37810 + RESERVED +CVE-2021-37809 + RESERVED +CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...) + NOT-FOR-US: PHPGurukul +CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online ...) + NOT-FOR-US: PHPGurukul +CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...) + NOT-FOR-US: PHPGurukul +CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...) + NOT-FOR-US: Sourcecodeste Vehicle Parking Management System +CVE-2021-37804 + RESERVED +CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...) 
+ NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System +CVE-2021-37802 + RESERVED +CVE-2021-37801 + RESERVED +CVE-2021-37800 + RESERVED +CVE-2021-37799 + RESERVED +CVE-2021-37798 + RESERVED +CVE-2021-37797 + RESERVED +CVE-2021-37796 + RESERVED +CVE-2021-37795 + RESERVED +CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...) + NOT-FOR-US: FileBrowser +CVE-2021-37793 + RESERVED +CVE-2021-37792 + RESERVED +CVE-2021-37791 + RESERVED +CVE-2021-37790 + RESERVED +CVE-2021-37789 + RESERVED +CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...) + NOT-FOR-US: Gurock TestRail +CVE-2021-37787 + RESERVED +CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...) + NOT-FOR-US: Covid certificate app in Switzerland. +CVE-2021-37785 + RESERVED +CVE-2021-37784 + RESERVED +CVE-2021-37783 + RESERVED +CVE-2021-37782 + RESERVED +CVE-2021-37781 + RESERVED +CVE-2021-37780 + RESERVED +CVE-2021-37779 + RESERVED +CVE-2021-37778 + RESERVED +CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...) + NOT-FOR-US: Gila CMS +CVE-2021-37776 + RESERVED +CVE-2021-37775 + RESERVED +CVE-2021-37774 + RESERVED +CVE-2021-37773 + RESERVED +CVE-2021-37772 + RESERVED +CVE-2021-37771 + RESERVED +CVE-2021-37770 + RESERVED +CVE-2021-37769 + RESERVED +CVE-2021-37768 + RESERVED +CVE-2021-37767 + RESERVED +CVE-2021-37766 + RESERVED +CVE-2021-37765 + RESERVED +CVE-2021-37764 + RESERVED +CVE-2021-37763 + RESERVED +CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...) 
+ - graylog2 <itp> (bug #652273) +CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...) + - graylog2 <itp> (bug #652273) +CVE-2021-37758 + RESERVED +CVE-2021-37757 + RESERVED +CVE-2021-37756 + RESERVED +CVE-2021-37755 + RESERVED +CVE-2021-37754 + RESERVED +CVE-2021-37753 + RESERVED +CVE-2021-37752 + RESERVED +CVE-2021-37751 + RESERVED +CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...) + {DLA-2771-1} + - krb5 1.18.3-7 (bug #992607) + [bullseye] - krb5 1.18.3-6+deb11u1 + [buster] - krb5 1.17-3+deb10u3 + NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 +CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...) + NOT-FOR-US: Hexagon GeoMedia WebMap +CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...) + NOT-FOR-US: Grandstream +CVE-2021-37747 + RESERVED +CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...) + - claws-mail 3.18.0-1 (bug #991722) + [bullseye] - claws-mail <no-dsa> (Minor issue) + [buster] - claws-mail <no-dsa> (Minor issue) + [stretch] - claws-mail <no-dsa> (Minor issue) + - sylpheed <unfixed> (bug #991723) + [bullseye] - sylpheed <no-dsa> (Minor issue) + [buster] - sylpheed <no-dsa> (Minor issue) + [stretch] - sylpheed <no-dsa> (Minor issue) + NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431 +CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...) 
+ {DSA-4954-1 DLA-2738-1} + - c-ares 1.17.1-1.1 (bug #992053) + [bullseye] - c-ares 1.17.1-1+deb11u1 + NOTE: https://c-ares.haxx.se/adv_20210810.html + NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 + NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14 +CVE-2021-37745 + RESERVED +CVE-2021-37744 + RESERVED +CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...) + NOT-FOR-US: MISP +CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...) + NOT-FOR-US: MISP +CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...) + NOT-FOR-US: ManageEngine +CVE-2021-37740 + RESERVED +CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) + NOT-FOR-US: Aruba +CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) + NOT-FOR-US: Aruba +CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) + NOT-FOR-US: Aruba +CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...) + NOT-FOR-US: Aruba +CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) 
+ NOT-FOR-US: Aruba +CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...) + NOT-FOR-US: Aruba +CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...) + NOT-FOR-US: Aruba +CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...) + NOT-FOR-US: Aruba +CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...) + NOT-FOR-US: Aruba +CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + NOT-FOR-US: Aruba +CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...) 
+ - heimdal 7.7.0+dfsg-3 (bug #996586) + [bullseye] - heimdal <no-dsa> (Minor issue) + [buster] - heimdal <no-dsa> (Minor issue) + [stretch] - heimdal <no-dsa> (Minor issue) + - samba 2:4.13.13+dfsg-1 + [bullseye] - samba 2:4.13.13+dfsg-1~deb11u1 + [buster] - samba <no-dsa> (Minor issue) + [stretch] - samba <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080 + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770 + NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a + NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a + NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability. + NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5 +CVE-2021-3670 + RESERVED +CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...) + - jsoup 1.14.2-1 (bug #992590) + [bullseye] - jsoup <no-dsa> (Minor issue) + [buster] - jsoup <no-dsa> (Minor issue) + [stretch] - jsoup <no-dsa> (Minor issue) + NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c +CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) + - node-tar <not-affected> (Only affects node-tar on Windows) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh +CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) + {DSA-5008-1} + - node-tar 6.1.11+~cs11.3.10-1 (bug #993981) + [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p +CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...) + NOT-FOR-US: Shopware +CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) 
+ NOT-FOR-US: Shopware +CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 + NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 +CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) + NOT-FOR-US: OneFuzz +CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) + NOT-FOR-US: PhpFastCache +CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...) + NOT-FOR-US: Discourse +CVE-2021-37702 (Pimcore is an open source data & experience management platform. P ...) + NOT-FOR-US: Pimcore +CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...) + {DSA-5008-1} + - node-tar 6.1.7+~cs11.3.10-1 + [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc +CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...) + NOT-FOR-US: Node paste-markdown +CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...) + NOT-FOR-US: next.js +CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...) 
+ {DLA-2816-1} + - icinga2 2.13.1-1 + [bullseye] - icinga2 <no-dsa> (Minor issue) + [buster] - icinga2 <no-dsa> (Minor issue) + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2 + NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/ + NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/bf535969ac23962b65b72ea3893c6b384e1d3218 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/d7133ae4298d133a088b25c9a71ffeb1f8164a8d (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/6db8795ca4b6a853f49615279f068d4cf2b42087 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/b7dd909a30367a4b8389e9362f05a856bbd7b081 (v2.12.6) +CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) + NOT-FOR-US: tmerc-cogs +CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) + NOT-FOR-US: tmerc-cogs +CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) + {DLA-2813-1} + - ckeditor 4.16.2+dfsg-1 (bug #992290) + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <no-dsa> (Minor issue) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc + NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 +CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...) + NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template +CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...) + NOT-FOR-US: Discourse +CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...) + NOT-FOR-US: Leafkit +CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...) + NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft) +CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...) 
+ NOT-FOR-US: Nextcloud Deck +CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...) + NOT-FOR-US: Nextcloud Cirles +CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...) + NOT-FOR-US: Contao CMS +CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...) + NOT-FOR-US: Contao CMS +CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...) + NOT-FOR-US: Skytable +CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch <itp> (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 +CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq + NOTE: https://github.com/Exiv2/exiv2/pull/1790 +CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv + NOTE: https://github.com/Exiv2/exiv2/pull/1788 +CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg + NOTE: https://github.com/Exiv2/exiv2/pull/1778 +CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <ignored> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 + NOTE: https://github.com/Exiv2/exiv2/pull/1769 +CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v + NOTE: https://github.com/Exiv2/exiv2/pull/1752 +CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 + NOTE: https://github.com/Exiv2/exiv2/pull/1759 +CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + - nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v +CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w + NOTE: https://github.com/Exiv2/exiv2/pull/1758 +CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w + NOTE: https://github.com/Exiv2/exiv2/pull/1758 +CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...) + NOT-FOR-US: MOVEit Transfer +CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-37612 + RESERVED +CVE-2021-37611 + RESERVED +CVE-2021-37610 + RESERVED +CVE-2021-37609 + RESERVED +CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...) + NOT-FOR-US: Apache OFBiz +CVE-2021-37607 + RESERVED +CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory segment counts] + RESERVED + - linux 5.15.3-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473 +CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...) + NOT-FOR-US: Meow hash +CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...) + NOT-FOR-US: Microchip MiWi +CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...) + NOT-FOR-US: Microchip MiWi +CVE-2021-37603 + RESERVED +CVE-2021-37602 + RESERVED +CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...) 
+ NOT-FOR-US: Nuance +CVE-2021-3668 + RESERVED +CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 2.37.1 can po ...) + - util-linux 2.36.1-8 (low; bug #991619) + [buster] - util-linux <no-dsa> (Minor issue) + [stretch] - util-linux <no-dsa> (Minor issue) + NOTE: https://github.com/karelzak/util-linux/issues/1395 + NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c +CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...) + NOT-FOR-US: WordPress plugin +CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...) + NOT-FOR-US: Telegram Web K Alpha +CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) + - freerdp2 <not-affected> (Windows-specific) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 +CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) + - freerdp2 <not-affected> (Windows-specific) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 +CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...) + NOT-FOR-US: PEEL Shopping +CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...) + - suricata 1:6.0.4-1 + [bullseye] - suricata <no-dsa> (Minor issue) + [buster] - suricata <no-dsa> (Minor issue) + [stretch] - suricata <no-dsa> (Minor issue) + NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 + NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public) +CVE-2021-37591 + RESERVED +CVE-2021-37590 + RESERVED +CVE-2021-37589 + RESERVED +CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...) 
+ NOT-FOR-US: Charm +CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...) + NOT-FOR-US: Charm +CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...) + NOT-FOR-US: Mitel +CVE-2021-37585 + RESERVED +CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37582 + RESERVED +CVE-2021-37581 + RESERVED +CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...) + NOT-FOR-US: Apache ShenYu Admin +CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-3667 + RESERVED + - libvirt 7.6.0-1 (bug #991594) + [bullseye] - libvirt <no-dsa> (Minor issue) + [buster] - libvirt <no-dsa> (Minor issue) + [stretch] - libvirt <not-affected> (Introduced in 4.1) + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1) + NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 +CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...) + NOT-FOR-US: Apache jUDDI +CVE-2021-37577 + RESERVED +CVE-2021-37575 + RESERVED +CVE-2021-37574 + RESERVED +CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...) + NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS) +CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) 
+ NOT-FOR-US: Netgear +CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37559 + RESERVED +CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...) + - centreon-web <itp> (bug #913903) +CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...) + - centreon-web <itp> (bug #913903) +CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...) + - centreon-web <itp> (bug #913903) +CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...) + NOT-FOR-US: TX9 Automatic Food Dispenser +CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...) + NOT-FOR-US: JetBrains +CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...) 
+ NOT-FOR-US: JetBrains +CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...) + NOT-FOR-US: JetBrains +CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...) + NOT-FOR-US: JetBrains +CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...) + NOT-FOR-US: JetBrains +CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...) + NOT-FOR-US: JetBrains +CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...) + NOT-FOR-US: JetBrains +CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...) + NOT-FOR-US: JetBrains +CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...) + NOT-FOR-US: JetBrains +CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...) + NOT-FOR-US: JetBrains +CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...) + NOT-FOR-US: JetBrains +CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...) + NOT-FOR-US: JetBrains +CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...) + NOT-FOR-US: JetBrains +CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...) + NOT-FOR-US: JetBrains +CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...) + NOT-FOR-US: JetBrains +CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...) + NOT-FOR-US: Node body-parser-xml +CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...) 
+ {DSA-4978-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <ignored> (powerpc architectures not included in LTS) + NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3) +CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...) + NOT-FOR-US: PrestaShop +CVE-2021-37537 + RESERVED +CVE-2021-37536 + RESERVED +CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...) + NOT-FOR-US: SAP +CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...) + NOT-FOR-US: MISP +CVE-2021-37533 + RESERVED +CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...) + NOT-FOR-US: SAP +CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...) + NOT-FOR-US: SAP +CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...) + - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev <no-dsa> (Minor issue) + [buster] - fig2dev <no-dsa> (Minor issue) + [stretch] - fig2dev <no-dsa> (Minor issue) + - transfig <removed> + NOTE: https://sourceforge.net/p/mcj/tickets/126/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/ +CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...) 
+ - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev <no-dsa> (Minor issue) + [buster] - fig2dev <no-dsa> (Minor issue) + [stretch] - fig2dev <no-dsa> (Minor issue) + - transfig <removed> + NOTE: https://sourceforge.net/p/mcj/tickets/125/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/ +CVE-2021-37528 + RESERVED +CVE-2021-37527 + RESERVED +CVE-2021-37526 + RESERVED +CVE-2021-37525 + RESERVED +CVE-2021-37524 + RESERVED +CVE-2021-37523 + RESERVED +CVE-2021-37522 + RESERVED +CVE-2021-37521 + RESERVED +CVE-2021-37520 + RESERVED +CVE-2021-37519 + RESERVED +CVE-2021-37518 + RESERVED +CVE-2021-37517 + RESERVED +CVE-2021-37516 + RESERVED +CVE-2021-37515 + RESERVED +CVE-2021-37514 + RESERVED +CVE-2021-37513 + RESERVED +CVE-2021-37512 + RESERVED +CVE-2021-37511 + RESERVED +CVE-2021-37510 + RESERVED +CVE-2021-37509 + RESERVED +CVE-2021-37508 + RESERVED +CVE-2021-37507 + RESERVED +CVE-2021-37506 + RESERVED +CVE-2021-37505 + RESERVED +CVE-2021-37504 + RESERVED +CVE-2021-37503 + RESERVED +CVE-2021-37502 + RESERVED +CVE-2021-37501 + RESERVED +CVE-2021-37500 + RESERVED +CVE-2021-37499 + RESERVED +CVE-2021-37498 + RESERVED +CVE-2021-37497 + RESERVED +CVE-2021-37496 + RESERVED +CVE-2021-37495 + RESERVED +CVE-2021-37494 + RESERVED +CVE-2021-37493 + RESERVED +CVE-2021-37492 + RESERVED +CVE-2021-37491 + RESERVED +CVE-2021-37490 + RESERVED +CVE-2021-37489 + RESERVED +CVE-2021-37488 + RESERVED +CVE-2021-37487 + RESERVED +CVE-2021-37486 + RESERVED +CVE-2021-37485 + RESERVED +CVE-2021-37484 + RESERVED +CVE-2021-37483 + RESERVED +CVE-2021-37482 + RESERVED +CVE-2021-37481 + RESERVED +CVE-2021-37480 + RESERVED +CVE-2021-37479 + RESERVED +CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...) 
+ NOT-FOR-US: NavigateCMS +CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37474 + RESERVED +CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37472 + RESERVED +CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulne ...) + NOT-FOR-US: Cradlepoint +CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...) + NOT-FOR-US: NCH +CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...) + NOT-FOR-US: NCH +CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...) + NOT-FOR-US: NCH +CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...) + NOT-FOR-US: NCH +CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...) + NOT-FOR-US: NCH +CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...) + NOT-FOR-US: NCH +CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...) + NOT-FOR-US: NCH +CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...) + NOT-FOR-US: NCH +CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) 
+ NOT-FOR-US: NCH +CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...) + NOT-FOR-US: NCH +CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...) + NOT-FOR-US: NCH +CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...) + NOT-FOR-US: NCH +CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...) + NOT-FOR-US: NCH +CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...) + NOT-FOR-US: NCH +CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...) 
+ NOT-FOR-US: NCH +CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...) + NOT-FOR-US: NCH +CVE-2021-37438 + REJECTED +CVE-2021-37437 + RESERVED +CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...) + NOT-FOR-US: Amazon Echo +CVE-2021-37435 + RESERVED +CVE-2021-37434 + RESERVED +CVE-2021-37433 + RESERVED +CVE-2021-37432 + RESERVED +CVE-2021-37431 + RESERVED +CVE-2021-37430 + RESERVED +CVE-2021-37429 + RESERVED +CVE-2021-37428 + RESERVED +CVE-2021-37427 + RESERVED +CVE-2021-37426 + RESERVED +CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...) + NOT-FOR-US: Altova MobileTogether Server +CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...) + NOT-FOR-US: ManageEngine +CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...) + NOT-FOR-US: ManageEngine +CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...) + NOT-FOR-US: ManageEngine +CVE-2021-37418 + REJECTED +CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-37413 + RESERVED +CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...) + NOT-FOR-US: TechRadar app for Confluence Server +CVE-2021-37411 + RESERVED +CVE-2021-3665 + RESERVED +CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site ...) + - node-url-parse 1.5.3-1 (bug #991577) + [buster] - node-url-parse <no-dsa> (Minor issue) + [stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/ + NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0 +CVE-2021-26250 + RESERVED +CVE-2021-23208 + RESERVED +CVE-2021-23183 + RESERVED +CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...) + - prosody 0.11.9-2 + [buster] - prosody <no-dsa> (Minor issue) + [stretch] - prosody <not-affected> (Vulnerable code not present) + NOTE: https://prosody.im/security/advisory_20210722/ +CVE-2021-37404 + RESERVED +CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...) + NOT-FOR-US: firefly-iii +CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...) + NOT-FOR-US: HP +CVE-2021-3661 + RESERVED +CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + NOT-FOR-US: OX App Suite +CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + NOT-FOR-US: OX App Suite +CVE-2021-3660 + RESERVED + - cockpit 254-1 + [bullseye] - cockpit <ignored> (Minor issue) + [buster] - cockpit <ignored> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688 +CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...) + NOT-FOR-US: IDEC +CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...) 
+ NOT-FOR-US: IDEC +CVE-2021-37399 + RESERVED +CVE-2021-37398 + RESERVED +CVE-2021-37397 + RESERVED +CVE-2021-37396 + RESERVED +CVE-2021-37395 + RESERVED +CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...) + NOT-FOR-US: RPCMS +CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) + NOT-FOR-US: RPCMS +CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) + NOT-FOR-US: RPCMS +CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...) + NOT-FOR-US: D-Link +CVE-2021-37387 + RESERVED +CVE-2021-37386 + RESERVED +CVE-2021-37385 + RESERVED +CVE-2021-37384 + RESERVED +CVE-2021-37383 + RESERVED +CVE-2021-37382 + RESERVED +CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...) + NOT-FOR-US: Southsoft GMIS +CVE-2021-37380 + RESERVED +CVE-2021-37379 + RESERVED +CVE-2021-37378 + RESERVED +CVE-2021-37377 + RESERVED +CVE-2021-37376 + RESERVED +CVE-2021-37375 + RESERVED +CVE-2021-37374 + RESERVED +CVE-2021-37373 + RESERVED +CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...) + NOT-FOR-US: Online Student Admission System +CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...) + NOT-FOR-US: Online Student Admission System +CVE-2021-37370 + RESERVED +CVE-2021-37369 + RESERVED +CVE-2021-37368 + RESERVED +CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...) 
+ NOT-FOR-US: CTparental +CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...) + NOT-FOR-US: CTparental +CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...) + NOT-FOR-US: CTparental +CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...) + NOT-FOR-US: OpenClinic +CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...) + NOT-FOR-US: Gestionale Open +CVE-2021-37362 + RESERVED +CVE-2021-37361 + RESERVED +CVE-2021-37360 + RESERVED +CVE-2021-37359 + RESERVED +CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...) + NOT-FOR-US: SEACMS +CVE-2021-37357 + RESERVED +CVE-2021-37356 + RESERVED +CVE-2021-37355 + RESERVED +CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...) + NOT-FOR-US: Xerox +CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...) + NOT-FOR-US: Nagios XI +CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...) + NOT-FOR-US: Nagios XI +CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...) + NOT-FOR-US: Nagios XI +CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...) + NOT-FOR-US: Nagios XI +CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) + NOT-FOR-US: Nagios XI +CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...) + NOT-FOR-US: Nagios XI +CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) + NOT-FOR-US: Nagios XI +CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...) + NOT-FOR-US: Nagios XI +CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) 
+ NOT-FOR-US: Nagios XI +CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...) + NOT-FOR-US: Nagios XI +CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...) + NOT-FOR-US: Nagios XI +CVE-2021-37342 + RESERVED +CVE-2021-37341 + RESERVED +CVE-2021-37340 + RESERVED +CVE-2021-37339 + RESERVED +CVE-2021-37338 + RESERVED +CVE-2021-37337 + RESERVED +CVE-2021-37336 + RESERVED +CVE-2021-37335 + RESERVED +CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...) + NOT-FOR-US: Umbraco Forms +CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...) + NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37332 + RESERVED +CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...) + NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...) + NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37329 + RESERVED +CVE-2021-37328 + RESERVED +CVE-2021-37327 + RESERVED +CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...) + NOT-FOR-US: NetSarang Xshell +CVE-2021-37325 + RESERVED +CVE-2021-37324 + RESERVED +CVE-2021-37323 + RESERVED +CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...) 
+ - binutils 2.27.51.20161102-1 (unimportant) + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 + NOTE: binutils not covered by security support +CVE-2021-37321 + RESERVED +CVE-2021-37320 + RESERVED +CVE-2021-37319 + RESERVED +CVE-2021-37318 + RESERVED +CVE-2021-37317 + RESERVED +CVE-2021-37316 + RESERVED +CVE-2021-37315 + RESERVED +CVE-2021-37314 + RESERVED +CVE-2021-37313 + RESERVED +CVE-2021-37312 + RESERVED +CVE-2021-37311 + RESERVED +CVE-2021-37310 + RESERVED +CVE-2021-37309 + RESERVED +CVE-2021-37308 + RESERVED +CVE-2021-37307 + RESERVED +CVE-2021-37306 + RESERVED +CVE-2021-37305 + RESERVED +CVE-2021-37304 + RESERVED +CVE-2021-37303 + RESERVED +CVE-2021-37302 + RESERVED +CVE-2021-37301 + RESERVED +CVE-2021-37300 + RESERVED +CVE-2021-37299 + RESERVED +CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization vulnerability ...) + - php-laravel-framework <undetermined> + NOTE: https://github.com/Stakcery/happywd/issues/1 + TODO: check, unclear status of report to upstream +CVE-2021-37297 + RESERVED +CVE-2021-37296 + RESERVED +CVE-2021-37295 + RESERVED +CVE-2021-37294 + RESERVED +CVE-2021-37293 + RESERVED +CVE-2021-37292 + RESERVED +CVE-2021-37291 + RESERVED +CVE-2021-37290 + RESERVED +CVE-2021-37289 + RESERVED +CVE-2021-37288 + RESERVED +CVE-2021-37287 + RESERVED +CVE-2021-37286 + RESERVED +CVE-2021-37285 + RESERVED +CVE-2021-37284 + RESERVED +CVE-2021-37283 + RESERVED +CVE-2021-37282 + RESERVED +CVE-2021-37281 + RESERVED +CVE-2021-37280 + RESERVED +CVE-2021-37279 + RESERVED +CVE-2021-37278 + RESERVED +CVE-2021-37277 + RESERVED +CVE-2021-37276 + RESERVED +CVE-2021-37275 + RESERVED +CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...) + NOT-FOR-US: Kingdee KIS Professional Edition +CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...) 
+ NOT-FOR-US: Tianyi Gateway +CVE-2021-37272 + RESERVED +CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...) + NOT-FOR-US: UEditor +CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...) + NOT-FOR-US: CMS Enterprise Website Construction System +CVE-2021-37269 + RESERVED +CVE-2021-37268 + RESERVED +CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...) + NOT-FOR-US: KindEditor +CVE-2021-37266 + RESERVED +CVE-2021-37265 + RESERVED +CVE-2021-37264 + RESERVED +CVE-2021-37263 + RESERVED +CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...) + NOT-FOR-US: JFinal_cms +CVE-2021-37261 + RESERVED +CVE-2021-37260 + RESERVED +CVE-2021-37259 + RESERVED +CVE-2021-37258 + RESERVED +CVE-2021-37257 + RESERVED +CVE-2021-37256 + RESERVED +CVE-2021-37255 + RESERVED +CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...) + NOT-FOR-US: M-Files +CVE-2021-37253 (** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of serv ...) + NOT-FOR-US: M-Files Web +CVE-2021-37252 + RESERVED +CVE-2021-37251 + RESERVED +CVE-2021-37250 + RESERVED +CVE-2021-37249 + RESERVED +CVE-2021-37248 + RESERVED +CVE-2021-37247 + RESERVED +CVE-2021-37246 + RESERVED +CVE-2021-37245 + RESERVED +CVE-2021-37244 + RESERVED +CVE-2021-37243 + RESERVED +CVE-2021-37242 + RESERVED +CVE-2021-37241 + RESERVED +CVE-2021-37240 + RESERVED +CVE-2021-37239 + RESERVED +CVE-2021-37238 + RESERVED +CVE-2021-37237 + RESERVED +CVE-2021-37236 + RESERVED +CVE-2021-37235 + RESERVED +CVE-2021-37234 + RESERVED +CVE-2021-37233 + RESERVED +CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) 
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366) + [bullseye] - atomicparsley <no-dsa> (Minor issue) + [buster] - atomicparsley <no-dsa> (Minor issue) + [stretch] - atomicparsley <no-dsa> (Minor issue) + - gtkpod <unfixed> (bug #993376) + [bullseye] - gtkpod <ignored> (Minor issue) + [buster] - gtkpod <ignored> (Minor issue) + [stretch] - gtkpod <ignored> (Minor issue) + NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1 + NOTE: https://github.com/wez/atomicparsley/issues/32 +CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...) + - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372) + [bullseye] - atomicparsley <no-dsa> (Minor issue) + [buster] - atomicparsley <no-dsa> (Minor issue) + [stretch] - atomicparsley <no-dsa> (Minor issue) + - gtkpod <unfixed> (bug #993375) + [bullseye] - gtkpod <ignored> (Minor issue) + [buster] - gtkpod <ignored> (Minor issue) + [stretch] - gtkpod <ignored> (Minor issue) + NOTE: https://github.com/wez/atomicparsley/issues/30 + NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335 +CVE-2021-37230 + RESERVED +CVE-2021-37229 + RESERVED +CVE-2021-37228 + RESERVED +CVE-2021-37227 + RESERVED +CVE-2021-37226 + RESERVED +CVE-2021-37225 + RESERVED +CVE-2021-37224 + RESERVED +CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request ...) + NOT-FOR-US: Nagios XI +CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...) + NOT-FOR-US: RCDCAP +CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...) + NOT-FOR-US: Sourcecodester Customer Relationship Management System +CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...) 
+ - mupdf 1.17.0+ds1-2 (bug #991402) + [buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - mupdf <not-affected> (Vulnerable code not present) + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791 + NOTE: On Stretch, an earlier version of the code exits early instead of crashing. +CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...) + - consul <unfixed> + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024 +CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...) + - nomad <unfixed> + [bullseye] - nomad <no-dsa> (Minor issue) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 + NOTE: https://github.com/hashicorp/nomad/pull/11089 (main) + NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4) + NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11) +CVE-2021-37217 + RESERVED +CVE-2021-3659 [NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c] + RESERVED + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8 +CVE-2021-3658 + RESERVED + - bluez 5.61-1 (bug #991596) + [bullseye] - bluez <no-dsa> (Minor issue) + [buster] - bluez <no-dsa> (Minor issue) + [stretch] - bluez <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51) + NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 +CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...) 
+ NOT-FOR-US: QSAN Storage Manager +CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...) + NOT-FOR-US: Flygo +CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...) + NOT-FOR-US: Flygo +CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...) + NOT-FOR-US: Flygo +CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...) + NOT-FOR-US: Flygo +CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...) + NOT-FOR-US: Flygo +CVE-2021-37210 + RESERVED +CVE-2021-37209 + RESERVED +CVE-2021-37208 + RESERVED +CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) + NOT-FOR-US: Siemens +CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + NOT-FOR-US: Siemens +CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + NOT-FOR-US: Siemens +CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...) + NOT-FOR-US: Siemens +CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...) + NOT-FOR-US: Siemens +CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) + NOT-FOR-US: Siemens +CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) 
+ NOT-FOR-US: Siemens +CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) + NOT-FOR-US: Siemens +CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) + NOT-FOR-US: Siemens +CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...) + NOT-FOR-US: Siemens +CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...) + NOT-FOR-US: Digi TransPort Gateway devices +CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...) + NOT-FOR-US: Digi TransPort devices +CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...) + NOT-FOR-US: Digi TransPort devices +CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...) + NOT-FOR-US: Siemens +CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...) + NOT-FOR-US: Siemens +CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37182 + RESERVED +CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) 
+ NOT-FOR-US: Siemens +CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) + NOT-FOR-US: Siemens +CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...) + NOT-FOR-US: Siemens +CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...) + NOT-FOR-US: Siemens +CVE-2021-37171 + RESERVED +CVE-2021-37170 + RESERVED +CVE-2021-37169 + RESERVED +CVE-2021-37168 + RESERVED +CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...) 
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...) + NOT-FOR-US: Swisslog Healthcare Nexus Panel +CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...) + NOT-FOR-US: OpenGamePanel +CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...) + NOT-FOR-US: OpenGamePanel +CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...) + - redmine <not-affected> (Only affected 4.2.0 and 4.2.1 upstream) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b +CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...) + - wolfssl 5.0.0-1 (bug #991443) + [bullseye] - wolfssl <no-dsa> (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/pull/3990 + NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable +CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...) + NOT-FOR-US: ForgeRock Access Management (AM) +CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...) + NOT-FOR-US: ForgeRock Access Management (AM) +CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...) + NOT-FOR-US: Sonatype +CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...) + NOT-FOR-US: CyberArk Identity +CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...) + - isync 1.4.4-1 + [bullseye] - isync 1.3.0-2.2+deb11u1 + [buster] - isync <no-dsa> (Minor issue) + [stretch] - isync <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1 +CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...) 
+ {DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html +CVE-2021-37150 + RESERVED +CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...) + - trafficserver 9.1.1+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8458/ + NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master) +CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...) + - trafficserver 9.1.1+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8457/ + NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master) + NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x) +CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...) + - trafficserver 9.1.1+ds-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master) + NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x) + NOTE: https://github.com/apache/trafficserver/pull/8460 +CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...) 
+ [experimental] - ros-ros-comm 1.15.13+ds1-1 + - ros-ros-comm 1.15.13+ds1-2 + [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1 + [buster] - ros-ros-comm <no-dsa> (Minor issue) + [stretch] - ros-ros-comm <no-dsa> (Minor issue) + NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446 + NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447 + NOTE: https://github.com/ros/ros_comm/pull/2185 + NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12) + NOTE: https://github.com/ros/ros_comm/pull/2186 + NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12) +CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...) + NOT-FOR-US: Poly (formerly Polycom) +CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...) + NOT-FOR-US: CSZ CMS +CVE-2021-37143 + RESERVED +CVE-2021-37142 + RESERVED +CVE-2021-37141 + RESERVED +CVE-2021-37140 + RESERVED +CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested] + RESERVED + {DSA-4978-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 +CVE-2021-37139 + RESERVED +CVE-2021-37138 + RESERVED +CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...) + - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) + [stretch] - netty <no-dsa> (Minor issue) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 + NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final) +CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...) 
+ - netty <unfixed> + [bullseye] - netty <no-dsa> (Minor issue) + [buster] - netty <no-dsa> (Minor issue) + [stretch] - netty <no-dsa> (Minor issue) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv + NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final) +CVE-2021-37135 + RESERVED +CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...) + NOT-FOR-US: Huawei +CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...) + NOT-FOR-US: Huawei +CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...) + NOT-FOR-US: Huawei +CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...) + NOT-FOR-US: Huawei +CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...) + NOT-FOR-US: Huawei +CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...) + NOT-FOR-US: Huawei +CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...) + NOT-FOR-US: Huawei +CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...) + NOT-FOR-US: Hero-CT060 +CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...) + NOT-FOR-US: Huawei +CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...) + NOT-FOR-US: Huawei +CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...) + NOT-FOR-US: Huawei +CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...) + NOT-FOR-US: Huawei +CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...) + NOT-FOR-US: Huawei +CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...) + NOT-FOR-US: Huawei +CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...) + NOT-FOR-US: Huawei +CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-37108 + RESERVED +CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...) + NOT-FOR-US: Huawei +CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...) + NOT-FOR-US: FusionCompute (Huawei) +CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...) + NOT-FOR-US: FusionCompute (Huawei) +CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37103 + RESERVED +CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...) + NOT-FOR-US: Huawei +CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...) + NOT-FOR-US: Huawei +CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...) + NOT-FOR-US: Huawei +CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...) + NOT-FOR-US: Huawei +CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...) + NOT-FOR-US: Huawei +CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...) + NOT-FOR-US: Huawei +CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...) + NOT-FOR-US: Huawei +CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...) + NOT-FOR-US: Huawei +CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...) + NOT-FOR-US: Huawei +CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Huawei +CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...) + NOT-FOR-US: Huawei +CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Huawei +CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...) + NOT-FOR-US: Huawei +CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...) + NOT-FOR-US: Huawei +CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37059 (There is a Weaknesses Introduced During Design ...) + NOT-FOR-US: HarmonyOS +CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...) + NOT-FOR-US: Huawei +CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...) + NOT-FOR-US: Huawei +CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...) + NOT-FOR-US: Huawei +CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...) + NOT-FOR-US: Huawei +CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...) + NOT-FOR-US: Huawei +CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...) + NOT-FOR-US: Huawei +CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...) + NOT-FOR-US: Huawei +CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...) + NOT-FOR-US: Huawei +CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...) + NOT-FOR-US: Huawei +CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...) + NOT-FOR-US: Huawei +CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...) + NOT-FOR-US: Huawei +CVE-2021-37027 + RESERVED +CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...) + NOT-FOR-US: Huawei +CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) 
+ NOT-FOR-US: Huawei +CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Huawei +CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...) + NOT-FOR-US: Huawei +CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...) + NOT-FOR-US: Huawei +CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-37000 + RESERVED +CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...) 
+ NOT-FOR-US: Huawei +CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...) + NOT-FOR-US: Huawei +CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...) + NOT-FOR-US: Huawei +CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...) + NOT-FOR-US: Huawei +CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...) + NOT-FOR-US: Huawei +CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...) + NOT-FOR-US: Huawei +CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-36984 + RESERVED +CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...) + NOT-FOR-US: ReplaySorcery +CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) 
+ NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices +CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...) + NOT-FOR-US: SerNet verinice +CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-3 + [buster] - linux 4.19.208-1 +CVE-2021-3654 [novnc allows open redirection] + RESERVED + - nova 2:23.0.2-3 (bug #991441) + [bullseye] - nova <no-dsa> (Minor issue) + [buster] - nova <no-dsa> (Minor issue) + [stretch] - nova <no-dsa> (Minor issue) + NOTE: https://bugs.launchpad.net/nova/+bug/1927677 + NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1 +CVE-2021-26263 + RESERVED +CVE-2021-23203 + RESERVED +CVE-2021-23184 + RESERVED +CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...) + - openvswitch 2.15.0+ds1-10 (bug #991308) + [bullseye] - openvswitch <no-dsa> (Minor issue) + [buster] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11) + [stretch] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml + NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f + NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 + NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 + NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 + NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 + NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 + NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6 
+CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...) + NOT-FOR-US: Unicorn Engine +CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) + - qpdf 10.1.0-1 + [buster] - qpdf <no-dsa> (Minor issue) + [stretch] - qpdf <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml + NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0) +CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...) + - libmatio <not-affected> (Vulnerable code not yet present) + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml +CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...) + - libarchive <unfixed> (bug #991442) + [bullseye] - libarchive <no-dsa> (Minor issue) + [buster] - libarchive <no-dsa> (Minor issue) + [stretch] - libarchive <not-affected> (Vulnerable code introduced by 47bb818 in version 3.4.1) + NOTE: https://github.com/libarchive/libarchive/issues/1554 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml +CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-36971 + RESERVED +CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36961 (Windows Installer Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36951 + RESERVED +CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36944 + RESERVED +CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36939 + RESERVED +CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36935 + RESERVED +CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...) + NOT-FOR-US: Microsoft +CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) + NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices +CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36918 + RESERVED +CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36915 + RESERVED +CVE-2021-36914 + RESERVED +CVE-2021-36913 + RESERVED +CVE-2021-36912 + RESERVED +CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36910 + RESERVED +CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability leading to Database Re ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36907 + RESERVED +CVE-2021-36906 + RESERVED +CVE-2021-36905 + RESERVED +CVE-2021-36904 + RESERVED +CVE-2021-36903 + RESERVED +CVE-2021-36902 + RESERVED +CVE-2021-36901 + RESERVED +CVE-2021-36900 + RESERVED +CVE-2021-36899 + RESERVED +CVE-2021-36898 + RESERVED +CVE-2021-36897 + RESERVED +CVE-2021-36896 + RESERVED +CVE-2021-36895 + RESERVED +CVE-2021-36894 + RESERVED +CVE-2021-36893 + RESERVED +CVE-2021-36892 + RESERVED +CVE-2021-36891 + RESERVED +CVE-2021-36890 + RESERVED +CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36883 + RESERVED +CVE-2021-36882 + RESERVED +CVE-2021-36881 + RESERVED +CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36868 + RESERVED +CVE-2021-36867 + RESERVED +CVE-2021-36866 + RESERVED +CVE-2021-36865 + RESERVED +CVE-2021-36864 + RESERVED +CVE-2021-36863 + RESERVED +CVE-2021-36862 + RESERVED +CVE-2021-36861 + RESERVED +CVE-2021-36860 + RESERVED +CVE-2021-36859 + RESERVED +CVE-2021-36858 + RESERVED +CVE-2021-36857 + RESERVED +CVE-2021-36856 + RESERVED +CVE-2021-36855 + RESERVED +CVE-2021-36854 + RESERVED +CVE-2021-36853 + RESERVED +CVE-2021-36852 + RESERVED +CVE-2021-36851 + RESERVED +CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36849 + RESERVED +CVE-2021-36848 + RESERVED +CVE-2021-36847 + RESERVED +CVE-2021-36846 + RESERVED +CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36844 + RESERVED +CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36842 + RESERVED +CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36840 + RESERVED +CVE-2021-36839 + RESERVED +CVE-2021-36838 + RESERVED +CVE-2021-36837 + RESERVED +CVE-2021-36836 + RESERVED +CVE-2021-36835 + RESERVED +CVE-2021-36834 + RESERVED +CVE-2021-36833 + RESERVED +CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin ̵ ...) + NOT-FOR-US: Wordpress plugins +CVE-2021-36831 + RESERVED +CVE-2021-36830 + RESERVED +CVE-2021-36829 + RESERVED +CVE-2021-36828 + RESERVED +CVE-2021-36827 + RESERVED +CVE-2021-36826 + RESERVED +CVE-2021-36825 + RESERVED +CVE-2021-36824 + RESERVED +CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36822 + RESERVED +CVE-2021-36821 + RESERVED +CVE-2021-36820 + RESERVED +CVE-2021-36819 + RESERVED +CVE-2021-36818 + RESERVED +CVE-2021-36817 + RESERVED +CVE-2021-36816 + RESERVED +CVE-2021-36815 + RESERVED +CVE-2021-36814 + RESERVED +CVE-2021-36813 + RESERVED +CVE-2021-36812 + RESERVED +CVE-2021-36811 + RESERVED +CVE-2021-36810 + RESERVED +CVE-2021-36809 + RESERVED +CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...) + NOT-FOR-US: Sophos +CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...) + NOT-FOR-US: Sophos +CVE-2021-36806 + RESERVED +CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) 
+ NOT-FOR-US: Akaunting +CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...) + NOT-FOR-US: Akaunting +CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) + NOT-FOR-US: Akaunting +CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...) + NOT-FOR-US: Akaunting +CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...) + NOT-FOR-US: Akaunting +CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...) + NOT-FOR-US: Akaunting +CVE-2021-36799 (** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-c ...) + NOT-FOR-US: KNX ETS5 +CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...) + NOT-FOR-US: HelpSystems Cobalt Strike +CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...) + NOT-FOR-US: Victron Energy Venus OS +CVE-2021-36796 + RESERVED +CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...) + NOT-FOR-US: Cohesity +CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...) + NOT-FOR-US: Siren Investigate +CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...) + NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3 +CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) 
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...) + NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3 +CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...) + NOT-FOR-US: femanager extension for TYPO3 +CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) + NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 +CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) + NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 +CVE-2021-36784 + RESERVED +CVE-2021-36783 + RESERVED +CVE-2021-36782 + RESERVED +CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...) + NOT-FOR-US: Parsec +CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...) + NOT-FOR-US: Longhorn +CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...) + NOT-FOR-US: Longhorn +CVE-2021-36778 + RESERVED +CVE-2021-36777 + RESERVED +CVE-2021-36776 + RESERVED +CVE-2021-36775 + RESERVED +CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 +CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) 
+ - ublock-origin 1.37.0+dfsg-1 (bug #991386) + [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 + [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1 + [stretch] - ublock-origin <no-dsa> (Minor issue) + - umatrix <unfixed> (bug #991344) + [buster] - umatrix <no-dsa> (Minor issue) + NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc +CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...) + NOT-FOR-US: Zoho +CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...) + NOT-FOR-US: Zoho +CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...) + - libencode-perl 3.08-2 + [bullseye] - libencode-perl 3.08-1+deb11u1 + [buster] - libencode-perl <not-affected> (Vulnerable code introduced later) + [stretch] - libencode-perl <not-affected> (Vulnerable code introduced later) + - perl 5.32.1-5 + [bullseye] - perl 5.32.1-4+deb11u1 + [buster] - perl <not-affected> (Vulnerable code introduced later) + [stretch] - perl <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05) + NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12) + NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0) + NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 +CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...) 
+ [experimental] - telegram-desktop 2.9.0+ds-1 + - telegram-desktop 2.9.2+ds-1 (bug #991493) + [bullseye] - telegram-desktop <no-dsa> (Minor issue) + [buster] - telegram-desktop <no-dsa> (Minor issue) + NOTE: https://mtpsym.github.io/ +CVE-2021-36768 + RESERVED +CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed] + RESERVED + - 389-ds-base 1.4.4.17-1 (bug #991405) + [bullseye] - 389-ds-base <no-dsa> (Minor issue) + [buster] - 389-ds-base <no-dsa> (Minor issue) + [stretch] - 389-ds-base <no-dsa> (Minor issue) + NOTE: https://github.com/389ds/389-ds-base/issues/4817 + NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) + NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) +CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...) + NOT-FOR-US: Digi RealPort +CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...) + NOT-FOR-US: Concrete5 +CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...) + NOT-FOR-US: CODESYS EtherNetIP +CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...) + NOT-FOR-US: CODESYS Gateway +CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...) + NOT-FOR-US: CODESYS V3 web server +CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...) + NOT-FOR-US: HCC Embedded InterNiche NicheStack +CVE-2021-36761 + RESERVED +CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...) + NOT-FOR-US: WSO2 +CVE-2021-36759 + RESERVED +CVE-2021-3651 + RESERVED +CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...) + NOT-FOR-US: 1Password +CVE-2021-36757 + RESERVED +CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...) 
+ NOT-FOR-US: CFEngine Enterprise +CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...) + NOT-FOR-US: Nightscout Web Monitor +CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...) + - pdns <not-affected> (Vulnerable code introduced in 4.5.0) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2 +CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...) + NOT-FOR-US: sharkdp BAT +CVE-2021-36752 + RESERVED +CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...) + NOT-FOR-US: ENC DataVault +CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...) + NOT-FOR-US: ENC +CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...) + - druid <itp> (bug #825797) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1 +CVE-2021-3650 + RESERVED +CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...) + NOT-FOR-US: chatwoot +CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...) + NOT-FOR-US: Prestahome Blog +CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...) + NOT-FOR-US: Blackboard Learn +CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...) + NOT-FOR-US: Blackboard Learn +CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...) + NOT-FOR-US: Trend Micro +CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...) + NOT-FOR-US: Trend Micro +CVE-2021-36743 + RESERVED +CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...) 
+ NOT-FOR-US: Trend Micro +CVE-2021-3648 + REJECTED +CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...) + NOT-FOR-US: URI.js +CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: btcpayserver +CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...) + NOT-FOR-US: Node viking04/merge +CVE-2021-3644 + RESERVED + - wildfly <itp> (bug #752018) +CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...) + NOT-FOR-US: Apache Pluto MVCBean JSP portlet +CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...) + NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet +CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...) + NOT-FOR-US: Apache Pluto UrlTestPortlet +CVE-2021-36736 + REJECTED +CVE-2021-36735 + REJECTED +CVE-2021-36734 + REJECTED +CVE-2021-36733 + RESERVED +CVE-2021-36732 + RESERVED +CVE-2021-36731 + RESERVED +CVE-2021-36730 + RESERVED +CVE-2021-36729 + RESERVED +CVE-2021-36728 + RESERVED +CVE-2021-36727 + RESERVED +CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...) + - varnish 6.5.2-1 (bug #991040) + [stretch] - varnish <ignored> (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different) + NOTE: https://varnish-cache.org/security/VSV00007.html + NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8) + NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2) +CVE-2021-36726 + RESERVED +CVE-2021-36725 + RESERVED +CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...) + NOT-FOR-US: ForeScout - SecureConnector +CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...) 
+ NOT-FOR-US: Emuse - eServices / eNvoice +CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...) + NOT-FOR-US: Emuse - eServices / eNvoice +CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...) + NOT-FOR-US: Sysaid API +CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...) + NOT-FOR-US: PineApp - Mail Secure +CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...) + NOT-FOR-US: PineApp - Mail Secure +CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...) + NOT-FOR-US: SYNEL - eharmonynew / Synel Reports +CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...) + NOT-FOR-US: Synerion TimeNet +CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...) + NOT-FOR-US: Node is-email +CVE-2021-3643 + RESERVED +CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...) + - rust-ammonia 3.1.2-1 (bug #991497) + NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515 + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html +CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...) + - rust-tokio <not-affected> (Introduced in 0.3.0) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html + NOTE: https://github.com/tokio-rs/tokio/issues/3929 + NOTE: https://github.com/tokio-rs/tokio/pull/3934 + NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11 +CVE-2021-36715 + RESERVED +CVE-2021-36714 + RESERVED +CVE-2021-36713 + RESERVED +CVE-2021-36712 + RESERVED +CVE-2021-36711 + RESERVED +CVE-2021-36710 + RESERVED +CVE-2021-36709 + RESERVED +CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...) 
+ NOT-FOR-US: ProLink +CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...) + NOT-FOR-US: ProLink +CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...) + NOT-FOR-US: ProLink +CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...) + NOT-FOR-US: ProLink +CVE-2021-36704 + RESERVED +CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...) + NOT-FOR-US: htmly +CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...) + NOT-FOR-US: htmly +CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...) + NOT-FOR-US: htmly +CVE-2021-36700 + RESERVED +CVE-2021-36699 + RESERVED +CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...) + NOT-FOR-US: Pandora FMS +CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS <=7 ...) + NOT-FOR-US: Pandora FMS +CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...) + NOT-FOR-US: Deskpro +CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...) + NOT-FOR-US: Deskpro +CVE-2021-36694 + RESERVED +CVE-2021-36693 + RESERVED +CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...) + - jpeg-xl <not-affected> (Fixed before initial upload to Debian) + NOTE: https://github.com/libjxl/libjxl/issues/308 + NOTE: https://github.com/libjxl/libjxl/pull/313 + NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5) +CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...) + - jpeg-xl <unfixed> + NOTE: https://github.com/libjxl/libjxl/issues/422 + NOTE: Special case of https://github.com/libjxl/libjxl/issues/762 +CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...) 
+ - sqlite3 3.36.0-2 (unimportant) + [stretch] - sqlite3 <not-affected> (vulnerable code is not present) + NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17 +CVE-2021-36689 + RESERVED +CVE-2021-36688 + RESERVED +CVE-2021-36687 + RESERVED +CVE-2021-36686 + RESERVED +CVE-2021-36685 + RESERVED +CVE-2021-36684 + RESERVED +CVE-2021-36683 + RESERVED +CVE-2021-36682 + RESERVED +CVE-2021-36681 + RESERVED +CVE-2021-36680 + RESERVED +CVE-2021-36679 + RESERVED +CVE-2021-36678 + RESERVED +CVE-2021-36677 + RESERVED +CVE-2021-36676 + RESERVED +CVE-2021-36675 + RESERVED +CVE-2021-36674 + RESERVED +CVE-2021-36673 + RESERVED +CVE-2021-36672 + RESERVED +CVE-2021-36671 + RESERVED +CVE-2021-36670 + RESERVED +CVE-2021-36669 + RESERVED +CVE-2021-36668 + RESERVED +CVE-2021-36667 + RESERVED +CVE-2021-36666 + RESERVED +CVE-2021-36665 + RESERVED +CVE-2021-36664 + RESERVED +CVE-2021-36663 + RESERVED +CVE-2021-36662 + RESERVED +CVE-2021-36661 + RESERVED +CVE-2021-36660 + RESERVED +CVE-2021-36659 + RESERVED +CVE-2021-36658 + RESERVED +CVE-2021-36657 + RESERVED +CVE-2021-36656 + RESERVED +CVE-2021-36655 + RESERVED +CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...) 
+ NOT-FOR-US: CMSuno +CVE-2021-36653 + RESERVED +CVE-2021-36652 + RESERVED +CVE-2021-36651 + RESERVED +CVE-2021-36650 + RESERVED +CVE-2021-36649 + RESERVED +CVE-2021-36648 + RESERVED +CVE-2021-36647 + RESERVED +CVE-2021-36646 + RESERVED +CVE-2021-36645 + RESERVED +CVE-2021-36644 + RESERVED +CVE-2021-36643 + RESERVED +CVE-2021-36642 + RESERVED +CVE-2021-36641 + RESERVED +CVE-2021-36640 + RESERVED +CVE-2021-36639 + RESERVED +CVE-2021-36638 + RESERVED +CVE-2021-36637 + RESERVED +CVE-2021-36636 + RESERVED +CVE-2021-36635 + RESERVED +CVE-2021-36634 + RESERVED +CVE-2021-36633 + RESERVED +CVE-2021-36632 + RESERVED +CVE-2021-36631 + RESERVED +CVE-2021-36630 + RESERVED +CVE-2021-36629 + RESERVED +CVE-2021-36628 + RESERVED +CVE-2021-36627 + RESERVED +CVE-2021-36626 + RESERVED +CVE-2021-36625 + RESERVED +CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...) + NOT-FOR-US: Sourcecodester +CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...) + NOT-FOR-US: Sourcecodester +CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...) + NOT-FOR-US: Sourcecodester +CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...) + NOT-FOR-US: Sourcecodester +CVE-2021-36620 + RESERVED +CVE-2021-36619 + RESERVED +CVE-2021-36618 + RESERVED +CVE-2021-36617 + RESERVED +CVE-2021-36616 + RESERVED +CVE-2021-36615 + RESERVED +CVE-2021-36614 + RESERVED +CVE-2021-36613 + RESERVED +CVE-2021-36612 + RESERVED +CVE-2021-36611 + RESERVED +CVE-2021-36610 + RESERVED +CVE-2021-36609 + RESERVED +CVE-2021-36608 + RESERVED +CVE-2021-36607 + RESERVED +CVE-2021-36606 + RESERVED +CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...) + NOT-FOR-US: engineercms +CVE-2021-36604 + RESERVED +CVE-2021-36603 + RESERVED +CVE-2021-36602 + RESERVED +CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...) 
+ NOT-FOR-US: GetSimpleCMS +CVE-2021-36600 + RESERVED +CVE-2021-36599 + RESERVED +CVE-2021-36598 + RESERVED +CVE-2021-36597 + RESERVED +CVE-2021-36596 + RESERVED +CVE-2021-36595 + RESERVED +CVE-2021-36594 + RESERVED +CVE-2021-36593 + RESERVED +CVE-2021-36592 + RESERVED +CVE-2021-36591 + RESERVED +CVE-2021-36590 + RESERVED +CVE-2021-36589 + RESERVED +CVE-2021-36588 + RESERVED +CVE-2021-36587 + RESERVED +CVE-2021-36586 + RESERVED +CVE-2021-36585 + RESERVED +CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...) + - gpac <unfixed> (bug #991965) + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1842 + NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7 +CVE-2021-36583 + RESERVED +CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...) + NOT-FOR-US: Kooboo CMS +CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...) + NOT-FOR-US: Kooboo CMS +CVE-2021-36580 + RESERVED +CVE-2021-36579 + RESERVED +CVE-2021-36578 + RESERVED +CVE-2021-36577 + RESERVED +CVE-2021-36576 + RESERVED +CVE-2021-36575 + RESERVED +CVE-2021-36574 + RESERVED +CVE-2021-36573 + RESERVED +CVE-2021-36572 + RESERVED +CVE-2021-36571 + RESERVED +CVE-2021-36570 + RESERVED +CVE-2021-36569 + RESERVED +CVE-2021-36568 + RESERVED +CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...) + NOT-FOR-US: ThinkPHP +CVE-2021-36566 + RESERVED +CVE-2021-36565 + RESERVED +CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...) + NOT-FOR-US: ThinkPHP +CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...) 
+ - check-mk <removed> +CVE-2021-36562 + RESERVED +CVE-2021-36561 + RESERVED +CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...) + NOT-FOR-US: Phone Shop Sales Managements System +CVE-2021-36559 + RESERVED +CVE-2021-36558 + RESERVED +CVE-2021-36557 + RESERVED +CVE-2021-36556 + RESERVED +CVE-2021-36555 + RESERVED +CVE-2021-36554 + RESERVED +CVE-2021-36553 + RESERVED +CVE-2021-36552 + RESERVED +CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) + - tikiwiki <removed> +CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...) + - tikiwiki <removed> +CVE-2021-36549 + RESERVED +CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...) + NOT-FOR-US: Monstra CMS +CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...) + NOT-FOR-US: Mara CMS +CVE-2021-36546 + RESERVED +CVE-2021-36545 + RESERVED +CVE-2021-36544 + RESERVED +CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...) + NOT-FOR-US: SeedDMS +CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...) + NOT-FOR-US: SeedDMS +CVE-2021-36541 + RESERVED +CVE-2021-36540 + RESERVED +CVE-2021-36539 + RESERVED +CVE-2021-36538 + RESERVED +CVE-2021-36537 + RESERVED +CVE-2021-36536 + RESERVED +CVE-2021-36535 + RESERVED +CVE-2021-36534 + RESERVED +CVE-2021-36533 + RESERVED +CVE-2021-36532 + RESERVED +CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...) + NOT-FOR-US: ngiflib +CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...) 
+ NOT-FOR-US: ngiflib +CVE-2021-36529 + RESERVED +CVE-2021-36528 + RESERVED +CVE-2021-36527 + RESERVED +CVE-2021-36526 + RESERVED +CVE-2021-36525 + RESERVED +CVE-2021-36524 + RESERVED +CVE-2021-36523 + RESERVED +CVE-2021-36522 + RESERVED +CVE-2021-36521 + RESERVED +CVE-2021-36520 + RESERVED +CVE-2021-36519 + RESERVED +CVE-2021-36518 + RESERVED +CVE-2021-36517 + RESERVED +CVE-2021-36516 + RESERVED +CVE-2021-36515 + RESERVED +CVE-2021-36514 + RESERVED +CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...) + - freeswitch <itp> (bug #389591) +CVE-2021-36512 (An issue was discovered in function scanallsubs in src/sbbs3/scansubs. ...) + NOT-FOR-US: Synchronet BBS +CVE-2021-36511 + RESERVED +CVE-2021-36510 + RESERVED +CVE-2021-36509 + RESERVED +CVE-2021-36508 + RESERVED +CVE-2021-36507 + RESERVED +CVE-2021-36506 + RESERVED +CVE-2021-36505 + RESERVED +CVE-2021-36504 + RESERVED +CVE-2021-36503 + RESERVED +CVE-2021-36502 + RESERVED +CVE-2021-36501 + RESERVED +CVE-2021-36500 + RESERVED +CVE-2021-36499 + RESERVED +CVE-2021-36498 + RESERVED +CVE-2021-36497 + RESERVED +CVE-2021-36496 + RESERVED +CVE-2021-36495 + RESERVED +CVE-2021-36494 + RESERVED +CVE-2021-36493 + RESERVED +CVE-2021-36492 + RESERVED +CVE-2021-36491 + RESERVED +CVE-2021-36490 + RESERVED +CVE-2021-36489 + RESERVED +CVE-2021-36488 + RESERVED +CVE-2021-36487 + RESERVED +CVE-2021-36486 + RESERVED +CVE-2021-36485 + RESERVED +CVE-2021-36484 + RESERVED +CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...) 
+ NOT-FOR-US: DevExpress.XtraReports.UI +CVE-2021-36482 + RESERVED +CVE-2021-36481 + RESERVED +CVE-2021-36480 + RESERVED +CVE-2021-36479 + RESERVED +CVE-2021-36478 + RESERVED +CVE-2021-36477 + RESERVED +CVE-2021-36476 + RESERVED +CVE-2021-36475 + RESERVED +CVE-2021-36474 + RESERVED +CVE-2021-36473 + RESERVED +CVE-2021-36472 + RESERVED +CVE-2021-36471 + RESERVED +CVE-2021-36470 + RESERVED +CVE-2021-36469 + RESERVED +CVE-2021-36468 + RESERVED +CVE-2021-36467 + RESERVED +CVE-2021-36466 + RESERVED +CVE-2021-36465 + RESERVED +CVE-2021-36464 + RESERVED +CVE-2021-36463 + RESERVED +CVE-2021-36462 + RESERVED +CVE-2021-36461 + RESERVED +CVE-2021-36460 + RESERVED +CVE-2021-36459 + RESERVED +CVE-2021-36458 + RESERVED +CVE-2021-36457 + RESERVED +CVE-2021-36456 + RESERVED +CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...) + NOT-FOR-US: Naviwebs Navigate CMS +CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...) + NOT-FOR-US: Naviwebs Navigate CMS +CVE-2021-36453 + RESERVED +CVE-2021-36452 + RESERVED +CVE-2021-36451 + RESERVED +CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...) + NOT-FOR-US: Verint +CVE-2021-36449 + RESERVED +CVE-2021-36448 + RESERVED +CVE-2021-36447 + RESERVED +CVE-2021-36446 + RESERVED +CVE-2021-36445 + RESERVED +CVE-2021-36444 + RESERVED +CVE-2021-36443 + RESERVED +CVE-2021-36442 + RESERVED +CVE-2021-36441 + RESERVED +CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...) 
+ NOT-FOR-US: ShowDoc +CVE-2021-36439 + RESERVED +CVE-2021-36438 + RESERVED +CVE-2021-36437 + RESERVED +CVE-2021-36436 + RESERVED +CVE-2021-36435 + RESERVED +CVE-2021-36434 + RESERVED +CVE-2021-36433 + RESERVED +CVE-2021-36432 + RESERVED +CVE-2021-36431 + RESERVED +CVE-2021-36430 + RESERVED +CVE-2021-36429 + RESERVED +CVE-2021-36428 + RESERVED +CVE-2021-36427 + RESERVED +CVE-2021-36426 + RESERVED +CVE-2021-36425 + RESERVED +CVE-2021-36424 + RESERVED +CVE-2021-36423 + RESERVED +CVE-2021-36422 + RESERVED +CVE-2021-36421 + RESERVED +CVE-2021-36420 + RESERVED +CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...) + NOT-FOR-US: WildFly Elytron +CVE-2021-36419 + RESERVED +CVE-2021-36418 + RESERVED +CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1846 + NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 +CVE-2021-36416 + RESERVED +CVE-2021-36415 + RESERVED +CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1840 + NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 +CVE-2021-36413 + RESERVED +CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...) + - gpac <unfixed> + NOTE: https://github.com/gpac/gpac/issues/1838 + NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e +CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...) + - libde265 <unfixed> + [bullseye] - libde265 <no-dsa> (Minor issue) + [buster] - libde265 <no-dsa> (Minor issue) + [stretch] - libde265 <no-dsa> (Minor issue) + NOTE: https://github.com/strukturag/libde265/issues/302 +CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...) 
+ - libde265 <unfixed> + [bullseye] - libde265 <no-dsa> (Minor issue) + [buster] - libde265 <no-dsa> (Minor issue) + [stretch] - libde265 <no-dsa> (Minor issue) + NOTE: https://github.com/strukturag/libde265/issues/301 +CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...) + NOT-FOR-US: Bitdefender +CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...) + - libde265 <unfixed> + [bullseye] - libde265 <no-dsa> (Minor issue) + [buster] - libde265 <no-dsa> (Minor issue) + [stretch] - libde265 <no-dsa> (Minor issue) + NOTE: https://github.com/strukturag/libde265/issues/300 +CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...) + - libde265 <unfixed> + [bullseye] - libde265 <no-dsa> (Minor issue) + [buster] - libde265 <no-dsa> (Minor issue) + [stretch] - libde265 <no-dsa> (Minor issue) + NOTE: https://github.com/strukturag/libde265/issues/299 +CVE-2021-36407 + RESERVED +CVE-2021-36406 + RESERVED +CVE-2021-36405 + RESERVED +CVE-2021-36404 + RESERVED +CVE-2021-36403 + RESERVED +CVE-2021-36402 + RESERVED +CVE-2021-36401 + RESERVED +CVE-2021-36400 + RESERVED +CVE-2021-36399 + RESERVED +CVE-2021-36398 + RESERVED +CVE-2021-36397 + RESERVED +CVE-2021-36396 + RESERVED +CVE-2021-36395 + RESERVED +CVE-2021-36394 + RESERVED +CVE-2021-36393 + RESERVED +CVE-2021-36392 + RESERVED +CVE-2021-36391 + RESERVED +CVE-2021-36390 + RESERVED +CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...) + NOT-FOR-US: Yellowfin +CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...) + NOT-FOR-US: Yellowfin +CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...) + NOT-FOR-US: Yellowfin +CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...) 
+ - fetchmail 6.4.16-4 (unimportant) + NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt + NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20) + NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21) + NOTE: Negligible security impact +CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...) + NOT-FOR-US: Cerner Mobile Care +CVE-2021-36384 + RESERVED +CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...) + NOT-FOR-US: Xen Orchestra +CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...) + NOT-FOR-US: Devolutions Server +CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...) + NOT-FOR-US: Edifecs +CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...) + NOT-FOR-US: Sunhillo SureLine +CVE-2021-36379 + REJECTED +CVE-2021-36378 + RESERVED +CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...) + - fossil 1:2.15.2-1 + [buster] - fossil <no-dsa> (Minor issue) + [stretch] - fossil <no-dsa> (Minor issue) + NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 +CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...) + NOT-FOR-US: dandavison delta +CVE-2021-36375 + RESERVED +CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...) + - ant 1.10.11-1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6 + NOTE: Crash in CLI tool, no security impact +CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...) 
+ - ant 1.10.11-1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5 + NOTE: Crash in CLI tool, no security impact +CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...) + NOT-FOR-US: Apache Ozone +CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...) + NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway) +CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...) + - mc 3:4.8.27-1 (bug #993404) + [bullseye] - mc <no-dsa> (Minor issue) + [buster] - mc <no-dsa> (Minor issue) + [stretch] - mc <no-dsa> (Minor issue) + NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f +CVE-2021-36369 + RESERVED +CVE-2021-36368 + RESERVED +CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...) + - putty 0.75-3 (bug #990901) + [bullseye] - putty <no-dsa> (Minor issue) + [buster] - putty <no-dsa> (Minor issue) + [stretch] - putty <no-dsa> (Minor issue) + NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa +CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...) + NOT-FOR-US: Nagios XI +CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...) + NOT-FOR-US: Nagios XI +CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...) + NOT-FOR-US: Nagios XI +CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...) + NOT-FOR-US: Nagios XI +CVE-2021-36362 + RESERVED +CVE-2021-36361 + RESERVED +CVE-2021-36360 + RESERVED +CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...) + NOT-FOR-US: OrbiTeam BSCW Classic +CVE-2021-36358 + RESERVED +CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...) 
+ NOT-FOR-US: OpenPOWER firwmware +CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...) + NOT-FOR-US: KRAMER VIAware +CVE-2021-36355 + RESERVED +CVE-2021-36354 + RESERVED +CVE-2021-36353 + RESERVED +CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...) + NOT-FOR-US: Care2x Hospital Information Management +CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...) + NOT-FOR-US: Care2x Open Source Hospital Information Management +CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function] + RESERVED + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1 +CVE-2021-3639 [Prevent redirect to URLs that begin with '///'] + RESERVED + - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730) + [bullseye] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) + [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) + [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) + NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 +CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...) + NOT-FOR-US: Dell +CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...) + NOT-FOR-US: EMC +CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...) + NOT-FOR-US: Dell +CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...) + NOT-FOR-US: Dell +CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...) + NOT-FOR-US: Dell +CVE-2021-36345 + RESERVED +CVE-2021-36344 + RESERVED +CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
+ NOT-FOR-US: Dell +CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...) + NOT-FOR-US: Dell +CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...) + NOT-FOR-US: EMC +CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...) + NOT-FOR-US: EMC +CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...) + NOT-FOR-US: Unisphere for PowerMax +CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...) + NOT-FOR-US: Dell +CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...) + NOT-FOR-US: Dell +CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...) + NOT-FOR-US: EMC +CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...) + NOT-FOR-US: EMC +CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...) + NOT-FOR-US: EMC +CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...) + NOT-FOR-US: EMC +CVE-2021-36331 + RESERVED +CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
+ NOT-FOR-US: Dell +CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36322 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a ...) + NOT-FOR-US: Dell +CVE-2021-36321 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...) + NOT-FOR-US: Dell +CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...) + NOT-FOR-US: Dell +CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...) + NOT-FOR-US: Dell +CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...) + NOT-FOR-US: EMC +CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...) + NOT-FOR-US: EMC +CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...) + NOT-FOR-US: EMC +CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...) + NOT-FOR-US: EMC +CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...) + NOT-FOR-US: EMC +CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...) + NOT-FOR-US: EMC +CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...) + NOT-FOR-US: EMC +CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...) + NOT-FOR-US: EMC +CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5 ...) + NOT-FOR-US: Dell +CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...) + NOT-FOR-US: Dell +CVE-2021-36308 (Networking OS10, versions prior to October 2021 with Smart Fabric Serv ...) 
+ NOT-FOR-US: Dell +CVE-2021-36307 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...) + NOT-FOR-US: Dell +CVE-2021-36306 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...) + NOT-FOR-US: Dell +CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data ...) + NOT-FOR-US: Dell +CVE-2021-36304 + RESERVED +CVE-2021-36303 + RESERVED +CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...) + NOT-FOR-US: EMC +CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...) + NOT-FOR-US: Dell +CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...) + NOT-FOR-US: Dell +CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...) + NOT-FOR-US: Dell +CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...) + NOT-FOR-US: EMC +CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) + NOT-FOR-US: SupportAssist Client (Dell) +CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + NOT-FOR-US: Dell +CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + NOT-FOR-US: Dell +CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + NOT-FOR-US: Dell +CVE-2021-36293 + RESERVED +CVE-2021-36292 + RESERVED +CVE-2021-36291 + RESERVED +CVE-2021-36290 + RESERVED +CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...) + NOT-FOR-US: Dell +CVE-2021-36288 + RESERVED +CVE-2021-36287 + RESERVED +CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...) + NOT-FOR-US: Dell SupportAssist Client Consumer +CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) 
+ NOT-FOR-US: Dell +CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) + NOT-FOR-US: Dell +CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...) + NOT-FOR-US: EMC +CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insert ...) + NOT-FOR-US: EMC +CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...) + NOT-FOR-US: Dell +CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...) + NOT-FOR-US: Dell +CVE-2021-36275 + RESERVED +CVE-2021-36274 + RESERVED +CVE-2021-36273 + RESERVED +CVE-2021-36272 + RESERVED +CVE-2021-36271 + RESERVED +CVE-2021-36270 + RESERVED +CVE-2021-36269 + RESERVED +CVE-2021-36268 + RESERVED +CVE-2021-36267 + RESERVED +CVE-2021-36266 + RESERVED +CVE-2021-36265 + RESERVED +CVE-2021-36264 + RESERVED +CVE-2021-36263 + RESERVED +CVE-2021-36262 + RESERVED +CVE-2021-36261 + RESERVED +CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...) 
+ NOT-FOR-US: Hikvision +CVE-2021-36259 + RESERVED +CVE-2021-36258 + RESERVED +CVE-2021-36257 + RESERVED +CVE-2021-36256 + RESERVED +CVE-2021-36255 + RESERVED +CVE-2021-36254 + RESERVED +CVE-2021-36253 + RESERVED +CVE-2021-36252 + RESERVED +CVE-2021-36251 + RESERVED +CVE-2021-36250 + RESERVED +CVE-2021-36249 + RESERVED +CVE-2021-36248 + RESERVED +CVE-2021-36247 + RESERVED +CVE-2021-36246 + RESERVED +CVE-2021-36245 + RESERVED +CVE-2021-36244 + RESERVED +CVE-2021-36243 + RESERVED +CVE-2021-36242 + RESERVED +CVE-2021-36241 + RESERVED +CVE-2021-36240 + RESERVED +CVE-2021-36239 + RESERVED +CVE-2021-36238 + RESERVED +CVE-2021-36237 + RESERVED +CVE-2021-36236 + RESERVED +CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write] + RESERVED + {DSA-4980-1} + - qemu 1:6.1+dfsg-6 (bug #992726) + [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later) + [stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858 + NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com +CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...) + NOT-FOR-US: Ivanti +CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...) 
+ NOT-FOR-US: Terraform Enterprise +CVE-2021-36229 + RESERVED +CVE-2021-36228 + RESERVED +CVE-2021-36227 + RESERVED +CVE-2021-36226 + RESERVED +CVE-2021-36225 + RESERVED +CVE-2021-36224 + RESERVED +CVE-2021-36223 + RESERVED +CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...) + {DSA-4944-1} + - krb5 1.18.3-6 (bug #991365) + [stretch] - krb5 <not-affected> (Vulnerable code (k5memdup0()) introduced later) + NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 + NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007 +CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...) + {DLA-2892-1 DLA-2891-1} + - golang-1.16 1.16.7-1 + - golang-1.15 1.15.15-1 (bug #991961) + [bullseye] - golang-1.15 1.15.15-1~deb11u1 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/46866 + NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master) + NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16) + NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15) +CVE-2021-36220 + RESERVED +CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...) + NOT-FOR-US: SKALE sgxwallet +CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...) + NOT-FOR-US: SKALE sgxwallet +CVE-2021-36217 + REJECTED +CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...) + NOT-FOR-US: LINE for Windows +CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...) + NOT-FOR-US: LINE client for iOS +CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...) 
+ NOT-FOR-US: LINE client for iOS +CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...) + - consul <not-affected> (Only applies to 1.9 and later) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 + NOTE: https://github.com/hashicorp/consul/pull/10619 +CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...) + NOT-FOR-US: MISP +CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...) + NOT-FOR-US: Keycloak +CVE-2021-36211 + RESERVED +CVE-2021-36210 + RESERVED +CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...) + NOT-FOR-US: JetBrains +CVE-2021-36208 + RESERVED +CVE-2021-36207 + RESERVED +CVE-2021-36206 + RESERVED +CVE-2021-36205 + RESERVED +CVE-2021-36204 + RESERVED +CVE-2021-36203 + RESERVED +CVE-2021-36202 + RESERVED +CVE-2021-36201 + RESERVED +CVE-2021-36200 + RESERVED +CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...) + NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. +CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...) + NOT-FOR-US: Sensormatic Electronics, LLC +CVE-2021-36197 + RESERVED +CVE-2021-36196 + RESERVED +CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...) + NOT-FOR-US: FortiGuard +CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...) + NOT-FOR-US: FortiGuard +CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...) + NOT-FOR-US: FortiGuard +CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) + NOT-FOR-US: Fortiguard +CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...) 
+ NOT-FOR-US: FortiGuard +CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...) + NOT-FOR-US: FortiGuard +CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...) + NOT-FOR-US: FortiGuard +CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...) + NOT-FOR-US: Fortiguard +CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...) + NOT-FOR-US: Fortiguard +CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...) + NOT-FOR-US: Fortiguard +CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...) + NOT-FOR-US: Fortiguard +CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...) + NOT-FOR-US: Fortiguard +CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...) + NOT-FOR-US: FortiGuard +CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...) + NOT-FOR-US: Fortiguard +CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...) + NOT-FOR-US: FortiGuard +CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...) + NOT-FOR-US: FortiGuard +CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...) + NOT-FOR-US: Fortiguard +CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...) + NOT-FOR-US: FortiGuard +CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...) + NOT-FOR-US: Fortiguard +CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...) 
+ NOT-FOR-US: Fortiguard +CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...) + NOT-FOR-US: Fortiguard +CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...) + NOT-FOR-US: FortiGuard +CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...) + NOT-FOR-US: Fortiguard +CVE-2021-36171 + RESERVED +CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...) + NOT-FOR-US: Fortiguard +CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...) + NOT-FOR-US: FortiGuard +CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...) + NOT-FOR-US: Fortinet +CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...) + NOT-FOR-US: FortiGuard +CVE-2021-36166 + RESERVED +CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...) + NOT-FOR-US: RICON Industrial Cellular Router +CVE-2021-36164 + RESERVED +CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...) + {DSA-4982-1 DLA-2768-1} + - apache2 2.4.49-1 + [stretch] - apache2 <not-affected> (Vulnerable module not present) + - uwsgi <unfixed> (unimportant) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160 + NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b + NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg} + NOTE: packages which are provided by src:apache2 itself. 
+ NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616 + NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x) +CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...) + NOT-FOR-US: libfetch +CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...) + - xrdp <not-affected> (xrdp as packaged in Alpine) +CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...) + NOT-FOR-US: Grafana Cortex +CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...) + NOT-FOR-US: Grafana Loki +CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...) + NOT-FOR-US: Apache Gobblin +CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...) + NOT-FOR-US: Apache Gobblin +CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) + NOT-FOR-US: OpenShift +CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...) + - linux 5.4.19-1 + [buster] - linux 4.19.98-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946 +CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...) 
+ {DSA-4965-1} + - libssh 0.9.6-1 (bug #993046) + [buster] - libssh <not-affected> (Vulnerable code not present) + [stretch] - libssh <not-affected> (Vulnerable code not present) + NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt + NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/ + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6) +CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...) + NOT-FOR-US: SilverStripe CMS +CVE-2021-36149 + RESERVED +CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...) + NOT-FOR-US: ACRN +CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...) + NOT-FOR-US: ACRN +CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...) + NOT-FOR-US: ACRN +CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...) + NOT-FOR-US: ACRN +CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...) + NOT-FOR-US: ACRN +CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...) + NOT-FOR-US: ACRN +CVE-2021-36142 + RESERVED +CVE-2021-36141 + RESERVED +CVE-2021-36140 + RESERVED +CVE-2021-36139 + RESERVED +CVE-2021-36138 + RESERVED +CVE-2021-36137 + RESERVED +CVE-2021-36136 + RESERVED +CVE-2021-36135 + RESERVED +CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) + NOT-FOR-US: McAfee +CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...) + NOT-FOR-US: OP-TEE +CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) 
+ NOT-FOR-US: FileImport MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...) + NOT-FOR-US: SportsTeams MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...) + NOT-FOR-US: SocialProfile MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...) + NOT-FOR-US: Translate MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) + NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) + NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...) + NOT-FOR-US: AbuseFilter MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) 
+ NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...) + NOT-FOR-US: Lenovo +CVE-2021-36120 + RESERVED +CVE-2021-36119 + RESERVED +CVE-2021-36118 + RESERVED +CVE-2021-36117 + RESERVED +CVE-2021-36116 + RESERVED +CVE-2021-36115 + RESERVED +CVE-2021-36114 + RESERVED +CVE-2021-36113 + RESERVED +CVE-2021-36112 + RESERVED +CVE-2021-36111 + RESERVED +CVE-2021-36110 + RESERVED +CVE-2021-36109 + RESERVED +CVE-2021-36108 + RESERVED +CVE-2021-36107 + RESERVED +CVE-2021-36106 + RESERVED +CVE-2021-36105 + RESERVED +CVE-2021-36104 + RESERVED +CVE-2021-36103 + RESERVED +CVE-2021-36102 + RESERVED +CVE-2021-36101 + RESERVED +CVE-2021-36100 + RESERVED +CVE-2021-36099 + RESERVED +CVE-2021-36098 + RESERVED +CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...) + - otrs <not-affected> (OTRS 8.x specific) + NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x +CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...) 
+ - otrs2 <undetermined> (bug #993846) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) + NOTE: CVE-2021-36096 is an update from the original CVE-2021-21440. + TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase +CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...) + - otrs2 <undetermined> (bug #993846) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-18/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) +CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...) + - otrs2 <undetermined> (bug #993846) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-17/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) + TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase +CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...) + - otrs2 <undetermined> (bug #993846) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-16/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) +CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...) 
+ - otrs2 <undetermined> + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-15/ + NOTE: Unclear whether this affects Znuny, they could not reproduce it: + NOTE: https://github.com/znuny/Znuny/issues/105#issuecomment-894013730 +CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...) + - otrs2 6.0.32-6 (bug #991593) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/ + NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632 + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) +CVE-2021-3632 + RESERVED + NOT-FOR-US: Keycloak +CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...) + - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java <no-dsa> (Minor issue) + [buster] - libcommons-compress-java <no-dsa> (Minor issue) + [stretch] - libcommons-compress-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f +CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...) + - libgrokj2k 9.5.0-1 (bug #990525) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml +CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...) + NOT-FOR-US: Fluent Bit +CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...) 
+ - libsepol 3.3-1 (bug #990526) + [bullseye] - libsepol <no-dsa> (Minor issue) + [buster] - libsepol <no-dsa> (Minor issue) + [stretch] - libsepol <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675 + NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml +CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...) + - libsepol 3.3-1 (bug #990526) + [bullseye] - libsepol <no-dsa> (Minor issue) + [buster] - libsepol <no-dsa> (Minor issue) + [stretch] - libsepol <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177 + NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml +CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) + - libsepol 3.3-1 (bug #990526) + [bullseye] - libsepol <no-dsa> (Minor issue) + [buster] - libsepol <no-dsa> (Minor issue) + [stretch] - libsepol <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124 + NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml +CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...) 
+ - libsepol 3.3-1 (bug #990526) + [bullseye] - libsepol <no-dsa> (Minor issue) + [buster] - libsepol <no-dsa> (Minor issue) + [stretch] - libsepol <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065 + NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml +CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...) + [experimental] - kimageformats 5.83.0-1 + - kimageformats 5.78.0-5 (bug #990527) + [buster] - kimageformats <no-dsa> (Minor issue) + [stretch] - kimageformats <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml + NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f +CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...) + - ndpi 4.0-1 (bug #990528) + [buster] - ndpi <not-affected> (Vulnerable code not present) + [stretch] - ndpi <not-affected> (Vulnerable code added later) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml + NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3 +CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...) 
+ - tesseract <unfixed> (bug #990529) + [bullseye] - tesseract <no-dsa> (Minor issue) + [buster] - tesseract <no-dsa> (Minor issue) + [stretch] - tesseract <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml + NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 +CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...) + - libredwg <itp> (bug #595191) +CVE-2021-3631 [insecure sVirt label generation] + RESERVED + - libvirt 7.6.0-1 (bug #990709) + [bullseye] - libvirt <no-dsa> (Minor issue) + [buster] - libvirt <no-dsa> (Minor issue) + [stretch] - libvirt <no-dsa> (Minor issue) + NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153 + NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0) +CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...) + NOT-FOR-US: Adobe +CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...) + NOT-FOR-US: Adobe +CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...) 
+ NOT-FOR-US: Adobe +CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...) + NOT-FOR-US: Adobe +CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...) + NOT-FOR-US: Adobe +CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...) + NOT-FOR-US: Adobe +CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...) + NOT-FOR-US: Adobe +CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...) + NOT-FOR-US: Adobe +CVE-2021-36060 + RESERVED +CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...) + NOT-FOR-US: Adobe +CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...) + NOT-FOR-US: Adobe +CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) + NOT-FOR-US: Adobe +CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...) + NOT-FOR-US: Adobe +CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) + NOT-FOR-US: Adobe +CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...) 
+ NOT-FOR-US: Adobe +CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) + NOT-FOR-US: Adobe +CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...) + NOT-FOR-US: Adobe +CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...) + NOT-FOR-US: Adobe +CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36036 + RESERVED +CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) 
+ NOT-FOR-US: Magento +CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36023 + RESERVED +CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36021 + RESERVED +CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...) + NOT-FOR-US: Adobe +CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...) + NOT-FOR-US: Adobe +CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) 
+ NOT-FOR-US: Adobe +CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...) + NOT-FOR-US: Adobe +CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...) + NOT-FOR-US: Magento +CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...) + NOT-FOR-US: Adobe +CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...) + NOT-FOR-US: Adobe +CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...) + NOT-FOR-US: Adobe +CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...) + NOT-FOR-US: Adobe +CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...) + NOT-FOR-US: Adobe +CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...) + NOT-FOR-US: Adobe +CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...) + NOT-FOR-US: Adobe +CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...) 
+ NOT-FOR-US: Adobe +CVE-2021-35998 + RESERVED +CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...) + NOT-FOR-US: Adobe +CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...) + NOT-FOR-US: Adobe +CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...) + NOT-FOR-US: Adobe +CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-35980 + RESERVED +CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...) + NOT-FOR-US: Digi RealPort +CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...) + NOT-FOR-US: Digi TransPort devices +CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...) + NOT-FOR-US: Digi RealPort +CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...) + NOT-FOR-US: Plesk Obsidian +CVE-2021-35975 + RESERVED +CVE-2021-35974 + RESERVED +CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...) + NOT-FOR-US: Netgear +CVE-2021-35972 + RESERVED +CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...) + NOT-FOR-US: Veeam +CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...) + NOT-FOR-US: Coral +CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...) + NOT-FOR-US: Pexip Infinity +CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...) + NOT-FOR-US: Orca HCM digital learning platform +CVE-2021-35962 (Specific page parameters in Dr. 
ID Door Access Control and Personnel A ...) + NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system +CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...) + NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system +CVE-2021-35960 + RESERVED +CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...) + NOT-FOR-US: Plone +CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...) + - tensorflow <itp> (bug #804612) +CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...) + NOT-FOR-US: Stormshield Endpoint Security Evolution +CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...) + NOT-FOR-US: AKCP sensorProbe +CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...) + NOT-FOR-US: Contao CMS +CVE-2021-35954 + RESERVED +CVE-2021-35953 + RESERVED +CVE-2021-35952 + RESERVED +CVE-2021-35951 + RESERVED +CVE-2021-35950 + RESERVED +CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...) + - owncloud <removed> +CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...) + - owncloud <removed> +CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...) + - owncloud <removed> +CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...) + - owncloud <removed> +CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...) + NOT-FOR-US: Couchbase Server +CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...) + NOT-FOR-US: Couchbase Server +CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...) 
+ NOT-FOR-US: Couchbase Server +CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...) + - glibc 2.31-13 (bug #990542) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c +CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...) + NOT-FOR-US: Western Digital +CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...) + {DSA-5032-1 DLA-2702-1} + - djvulibre 3.5.27.1-12 + NOTE: https://sourceforge.net/p/djvu/bugs/302/ + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/ +CVE-2021-3629 + RESERVED + - undertow <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362 +CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...) + NOT-FOR-US: OpenKM +CVE-2021-3627 + RESERVED +CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...) + - apr 1.7.0-7 (bug #992789) + [bullseye] - apr 1.7.0-6+deb11u1 + [buster] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0) + [stretch] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0) + NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward + NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3 + NOTE: and so vulnerable to the same issue. 
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198 + NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch +CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories] + RESERVED + - rpm <unfixed> (bug #990543) + [bullseye] - rpm <ignored> (Minor issue) + [buster] - rpm <ignored> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129 +CVE-2021-35938 [races with chown/chmod/capabilities calls during installation] + RESERVED + - rpm <unfixed> (bug #990543) + [bullseye] - rpm <ignored> (Minor issue) + [buster] - rpm <ignored> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114 +CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks] + RESERVED + - rpm <unfixed> (bug #990543) + [bullseye] - rpm <ignored> (Minor issue) + [buster] - rpm <ignored> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125 +CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...) + - airflow <itp> (bug #819700) +CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...) + NOT-FOR-US: Multipass +CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 ...) 
+ NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-35935 + RESERVED +CVE-2021-35934 + RESERVED +CVE-2021-35933 + RESERVED +CVE-2021-35932 + RESERVED +CVE-2021-35931 + RESERVED +CVE-2021-35930 + RESERVED +CVE-2021-35929 + RESERVED +CVE-2021-35928 + RESERVED +CVE-2021-35927 + RESERVED +CVE-2021-35926 + RESERVED +CVE-2021-35925 + RESERVED +CVE-2021-35924 + RESERVED +CVE-2021-35923 + RESERVED +CVE-2021-35922 + RESERVED +CVE-2021-35921 + RESERVED +CVE-2021-35920 + RESERVED +CVE-2021-35919 + RESERVED +CVE-2021-35918 + RESERVED +CVE-2021-35917 + RESERVED +CVE-2021-35916 + RESERVED +CVE-2021-35915 + RESERVED +CVE-2021-35914 + RESERVED +CVE-2021-35913 + RESERVED +CVE-2021-35912 + RESERVED +CVE-2021-35911 + RESERVED +CVE-2021-35910 + RESERVED +CVE-2021-35909 + RESERVED +CVE-2021-35908 + RESERVED +CVE-2021-35907 + RESERVED +CVE-2021-35906 + RESERVED +CVE-2021-35905 + RESERVED +CVE-2021-35904 + RESERVED +CVE-2021-35903 + RESERVED +CVE-2021-35902 + RESERVED +CVE-2021-35901 + RESERVED +CVE-2021-35900 + RESERVED +CVE-2021-35899 + RESERVED +CVE-2021-35898 + RESERVED +CVE-2021-35897 + RESERVED +CVE-2021-35896 + RESERVED +CVE-2021-35895 + RESERVED +CVE-2021-35894 + RESERVED +CVE-2021-35893 + RESERVED +CVE-2021-35892 + RESERVED +CVE-2021-35891 + RESERVED +CVE-2021-35890 + RESERVED +CVE-2021-35889 + RESERVED +CVE-2021-35888 + RESERVED +CVE-2021-35887 + RESERVED +CVE-2021-35886 + RESERVED +CVE-2021-35885 + RESERVED +CVE-2021-35884 + RESERVED +CVE-2021-35883 + RESERVED +CVE-2021-35882 + RESERVED +CVE-2021-35881 + RESERVED +CVE-2021-35880 + RESERVED +CVE-2021-35879 + RESERVED +CVE-2021-35878 + RESERVED +CVE-2021-35877 + RESERVED +CVE-2021-35876 + RESERVED +CVE-2021-35875 + RESERVED +CVE-2021-35874 + RESERVED +CVE-2021-35873 + RESERVED +CVE-2021-35872 + RESERVED +CVE-2021-35871 + RESERVED +CVE-2021-35870 + RESERVED +CVE-2021-35869 + RESERVED +CVE-2021-35868 + RESERVED +CVE-2021-35867 + RESERVED +CVE-2021-35866 + RESERVED +CVE-2021-35865 + RESERVED +CVE-2021-35864 + RESERVED 
+CVE-2021-35863 + RESERVED +CVE-2021-35862 + RESERVED +CVE-2021-35861 + RESERVED +CVE-2021-35860 + RESERVED +CVE-2021-35859 + RESERVED +CVE-2021-35858 + RESERVED +CVE-2021-35857 + RESERVED +CVE-2021-35856 + RESERVED +CVE-2021-35855 + RESERVED +CVE-2021-35854 + RESERVED +CVE-2021-35853 + RESERVED +CVE-2021-35852 + RESERVED +CVE-2021-35851 + RESERVED +CVE-2021-35850 + RESERVED +CVE-2021-35849 + RESERVED +CVE-2021-35848 + RESERVED +CVE-2021-35847 + RESERVED +CVE-2021-35846 + RESERVED +CVE-2021-35845 + RESERVED +CVE-2021-35844 + RESERVED +CVE-2021-35843 + RESERVED +CVE-2021-35842 + RESERVED +CVE-2021-35841 + RESERVED +CVE-2021-35840 + RESERVED +CVE-2021-35839 + RESERVED +CVE-2021-35838 + RESERVED +CVE-2021-35837 + RESERVED +CVE-2021-35836 + RESERVED +CVE-2021-35835 + RESERVED +CVE-2021-35834 + RESERVED +CVE-2021-35833 + RESERVED +CVE-2021-35832 + RESERVED +CVE-2021-35831 + RESERVED +CVE-2021-35830 + RESERVED +CVE-2021-35829 + RESERVED +CVE-2021-35828 + RESERVED +CVE-2021-35827 + RESERVED +CVE-2021-35826 + RESERVED +CVE-2021-35825 + RESERVED +CVE-2021-35824 + RESERVED +CVE-2021-35823 + RESERVED +CVE-2021-35822 + RESERVED +CVE-2021-35821 + RESERVED +CVE-2021-35820 + RESERVED +CVE-2021-35819 + RESERVED +CVE-2021-35818 + RESERVED +CVE-2021-35817 + RESERVED +CVE-2021-35816 + RESERVED +CVE-2021-35815 + RESERVED +CVE-2021-35814 + RESERVED +CVE-2021-35813 + RESERVED +CVE-2021-35812 + RESERVED +CVE-2021-35811 + RESERVED +CVE-2021-35810 + RESERVED +CVE-2021-35809 + RESERVED +CVE-2021-35808 + RESERVED +CVE-2021-35807 + RESERVED +CVE-2021-35806 + RESERVED +CVE-2021-35805 + RESERVED +CVE-2021-35804 + RESERVED +CVE-2021-35803 + RESERVED +CVE-2021-35802 + RESERVED +CVE-2021-35801 + RESERVED +CVE-2021-35800 + RESERVED +CVE-2021-35799 + RESERVED +CVE-2021-35798 + RESERVED +CVE-2021-35797 + RESERVED +CVE-2021-35796 + RESERVED +CVE-2021-35795 + RESERVED +CVE-2021-35794 + RESERVED +CVE-2021-35793 + RESERVED +CVE-2021-35792 + RESERVED +CVE-2021-35791 + RESERVED +CVE-2021-35790 + RESERVED 
+CVE-2021-35789 + RESERVED +CVE-2021-35788 + RESERVED +CVE-2021-35787 + RESERVED +CVE-2021-35786 + RESERVED +CVE-2021-35785 + RESERVED +CVE-2021-35784 + RESERVED +CVE-2021-35783 + RESERVED +CVE-2021-35782 + RESERVED +CVE-2021-35781 + RESERVED +CVE-2021-35780 + RESERVED +CVE-2021-35779 + RESERVED +CVE-2021-35778 + RESERVED +CVE-2021-35777 + RESERVED +CVE-2021-35776 + RESERVED +CVE-2021-35775 + RESERVED +CVE-2021-35774 + RESERVED +CVE-2021-35773 + RESERVED +CVE-2021-35772 + RESERVED +CVE-2021-35771 + RESERVED +CVE-2021-35770 + RESERVED +CVE-2021-35769 + RESERVED +CVE-2021-35768 + RESERVED +CVE-2021-35767 + RESERVED +CVE-2021-35766 + RESERVED +CVE-2021-35765 + RESERVED +CVE-2021-35764 + RESERVED +CVE-2021-35763 + RESERVED +CVE-2021-35762 + RESERVED +CVE-2021-35761 + RESERVED +CVE-2021-35760 + RESERVED +CVE-2021-35759 + RESERVED +CVE-2021-35758 + RESERVED +CVE-2021-35757 + RESERVED +CVE-2021-35756 + RESERVED +CVE-2021-35755 + RESERVED +CVE-2021-35754 + RESERVED +CVE-2021-35753 + RESERVED +CVE-2021-35752 + RESERVED +CVE-2021-35751 + RESERVED +CVE-2021-35750 + RESERVED +CVE-2021-35749 + RESERVED +CVE-2021-35748 + RESERVED +CVE-2021-35747 + RESERVED +CVE-2021-35746 + RESERVED +CVE-2021-35745 + RESERVED +CVE-2021-35744 + RESERVED +CVE-2021-35743 + RESERVED +CVE-2021-35742 + RESERVED +CVE-2021-35741 + RESERVED +CVE-2021-35740 + RESERVED +CVE-2021-35739 + RESERVED +CVE-2021-35738 + RESERVED +CVE-2021-35737 + RESERVED +CVE-2021-35736 + RESERVED +CVE-2021-35735 + RESERVED +CVE-2021-35734 + RESERVED +CVE-2021-35733 + RESERVED +CVE-2021-35732 + RESERVED +CVE-2021-35731 + RESERVED +CVE-2021-35730 + RESERVED +CVE-2021-35729 + RESERVED +CVE-2021-35728 + RESERVED +CVE-2021-35727 + RESERVED +CVE-2021-35726 + RESERVED +CVE-2021-35725 + RESERVED +CVE-2021-35724 + RESERVED +CVE-2021-35723 + RESERVED +CVE-2021-35722 + RESERVED +CVE-2021-35721 + RESERVED +CVE-2021-35720 + RESERVED +CVE-2021-35719 + RESERVED +CVE-2021-35718 + RESERVED +CVE-2021-35717 + RESERVED +CVE-2021-35716 + RESERVED 
+CVE-2021-35715 + RESERVED +CVE-2021-35714 + RESERVED +CVE-2021-35713 + RESERVED +CVE-2021-35712 + RESERVED +CVE-2021-35711 + RESERVED +CVE-2021-35710 + RESERVED +CVE-2021-35709 + RESERVED +CVE-2021-35708 + RESERVED +CVE-2021-35707 + RESERVED +CVE-2021-35706 + RESERVED +CVE-2021-35705 + RESERVED +CVE-2021-35704 + RESERVED +CVE-2021-35703 + RESERVED +CVE-2021-35702 + RESERVED +CVE-2021-35701 + RESERVED +CVE-2021-35700 + RESERVED +CVE-2021-35699 + RESERVED +CVE-2021-35698 + RESERVED +CVE-2021-35697 + RESERVED +CVE-2021-35696 + RESERVED +CVE-2021-35695 + RESERVED +CVE-2021-35694 + RESERVED +CVE-2021-35693 + RESERVED +CVE-2021-35692 + RESERVED +CVE-2021-35691 + RESERVED +CVE-2021-35690 + RESERVED +CVE-2021-35689 + RESERVED +CVE-2021-35688 + RESERVED +CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2021-35685 + RESERVED +CVE-2021-35684 + RESERVED +CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...) + NOT-FOR-US: Oracle +CVE-2021-35682 + RESERVED +CVE-2021-35681 + RESERVED +CVE-2021-35680 + RESERVED +CVE-2021-35679 + RESERVED +CVE-2021-35678 + RESERVED +CVE-2021-35677 + RESERVED +CVE-2021-35676 + RESERVED +CVE-2021-35675 + RESERVED +CVE-2021-35674 + RESERVED +CVE-2021-35673 + RESERVED +CVE-2021-35672 + RESERVED +CVE-2021-35671 + RESERVED +CVE-2021-35670 + RESERVED +CVE-2021-35669 + RESERVED +CVE-2021-35668 + RESERVED +CVE-2021-35667 + RESERVED +CVE-2021-35666 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2021-35665 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...) + NOT-FOR-US: Oracle +CVE-2021-35664 + RESERVED +CVE-2021-35663 + RESERVED +CVE-2021-35662 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) 
+ NOT-FOR-US: Oracle +CVE-2021-35661 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35660 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35659 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35658 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35657 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35656 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35655 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35654 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35653 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35652 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35651 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35650 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle Secure Global Desktop +CVE-2021-35649 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle Secure Global Desktop +CVE-2021-35648 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35647 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35646 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35645 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-35644 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35642 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35639 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35636 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35630 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35629 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35628 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-35627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35626 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> + - mysql-5.7 <removed> +CVE-2021-35623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35622 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-35616 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-35615 + RESERVED +CVE-2021-35614 + RESERVED +CVE-2021-35613 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35612 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35611 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-35610 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-35609 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) + NOT-FOR-US: Oracle +CVE-2021-35605 + RESERVED +CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 <removed> + [bullseye] - mariadb-10.5 <no-dsa> (Minor issue) + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 <no-dsa> (Minor issue) + - mysql-8.0 <unfixed> + - mysql-5.7 <removed> + NOTE: Fixed in MariaDB: 10.5.13, 10.3.32 +CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35601 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...) + NOT-FOR-US: Oracle +CVE-2021-35600 + RESERVED +CVE-2021-35599 (Vulnerability in the Zero Downtime DB Migration to Cloud component of ...) + NOT-FOR-US: Oracle +CVE-2021-35598 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35597 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35596 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35595 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35594 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-35593 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35592 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DLA-2814-1} + - openjdk-8 8u312-b07-1 +CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) + NOT-FOR-US: Oracle +CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-35584 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35583 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <not-affected> (Windows-specific) +CVE-2021-35582 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35581 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35579 + RESERVED +CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) 
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35576 (Vulnerability in the Oracle Database Enterprise Edition Unified Audit ...) + NOT-FOR-US: Oracle +CVE-2021-35575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35574 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35573 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35572 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35571 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...) + NOT-FOR-US: Oracle +CVE-2021-35570 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5000-1 DLA-2814-1} + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) 
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...) + - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) +CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + NOT-FOR-US: Oracle +CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + NOT-FOR-US: Oracle +CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35555 + RESERVED +CVE-2021-35554 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-35553 (Vulnerability in the PeopleSoft Enterprise CS Student Records product ...) + NOT-FOR-US: Oracle +CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) 
+ NOT-FOR-US: Oracle +CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5000-1 DLA-2814-1} + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35548 + RESERVED +CVE-2021-35547 + RESERVED +CVE-2021-35546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35545 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35544 + RESERVED +CVE-2021-35543 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) + NOT-FOR-US: Oracle +CVE-2021-35542 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35541 (Vulnerability in the PeopleSoft Enterprise SCM product of Oracle Peopl ...) + NOT-FOR-US: Oracle +CVE-2021-35540 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35539 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35538 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox <not-affected> (Windows-specific) +CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...) + NOT-FOR-US: Hitachi +CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...) + NOT-FOR-US: Hitachi +CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...) 
+ NOT-FOR-US: Hitachi +CVE-2021-35532 + RESERVED +CVE-2021-35531 + RESERVED +CVE-2021-35530 + RESERVED +CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...) + NOT-FOR-US: Hitachi +CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...) + NOT-FOR-US: Hitachi +CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...) + NOT-FOR-US: Hitachi ABB Power Grids eSOMS +CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...) + NOT-FOR-US: Hitachi ABB Power Grids System Data Manager +CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()] + RESERVED + - dcraw <unfixed> (bug #984761) + [bullseye] - dcraw <no-dsa> (Minor issue) + [buster] - dcraw <no-dsa> (Minor issue) + [stretch] - dcraw <no-dsa> (Minor issue) +CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM] + RESERVED + - libtpms 0.9.1-1 (bug #990522) + NOTE: https://github.com/stefanberger/libtpms/pull/223 + NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263 + NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809 + NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e +CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...) + - postsrsd 1.10-2 (bug #990439) + [buster] - postsrsd <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - postsrsd <no-dsa> (Minor issue) + NOTE: https://bugs.gentoo.org/793674 + NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2 +CVE-2021-35524 + RESERVED +CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...) + NOT-FOR-US: Securepoint +CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) 
+ NOT-FOR-US: IDEMIA +CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...) + NOT-FOR-US: IDEMIA +CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) + NOT-FOR-US: IDEMIA +CVE-2021-35519 + RESERVED +CVE-2021-35518 + RESERVED +CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...) + - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java <no-dsa> (Minor issue) + [buster] - libcommons-compress-java <no-dsa> (Minor issue) + [stretch] - libcommons-compress-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f +CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...) 
+ - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java <no-dsa> (Minor issue) + [buster] - libcommons-compress-java <no-dsa> (Minor issue) + [stretch] - libcommons-compress-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a +CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...) + - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java <no-dsa> (Minor issue) + [buster] - libcommons-compress-java <no-dsa> (Minor issue) + [stretch] - libcommons-compress-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1 + NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321 +CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...) + NOT-FOR-US: Narou +CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...) 
+ - node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449) + NOTE: https://github.com/mermaid-js/mermaid/issues/2122 + NOTE: https://github.com/mermaid-js/mermaid/pull/2123 +CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-35511 + RESERVED +CVE-2021-35510 + RESERVED +CVE-2021-35509 + RESERVED +CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...) + NOT-FOR-US: TeraRecon AQNetClient +CVE-2021-35507 + RESERVED +CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...) + NOT-FOR-US: MISP +CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...) + - hivex 1.3.21-1 (bug #991860) + [bullseye] - hivex <no-dsa> (Minor issue) + [buster] - hivex <no-dsa> (Minor issue) + [stretch] - hivex <no-dsa> (Minor issue) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html + NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255 +CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the nam ...) + NOT-FOR-US: PandoraFMS +CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...) 
+ {DLA-2758-1} + - sssd 2.5.2-1 (bug #992710) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142 + NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe + NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91) +CVE-2021-3620 + RESERVED + - ansible <unfixed> + [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + - ansible-base <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767 +CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...) + NOT-FOR-US: TIBCO +CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...) + NOT-FOR-US: TIBCO +CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) + NOT-FOR-US: TIBCO +CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) + NOT-FOR-US: TIBCO +CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) + NOT-FOR-US: TIBCO +CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...) + NOT-FOR-US: TIBCO +CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) + NOT-FOR-US: TIBCO +CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...) + NOT-FOR-US: WebFOCUS +CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...) + NOT-FOR-US: Rapid7 Velociraptor +CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...) 
+ NOT-FOR-US: Thruk +CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTN ...) + NOT-FOR-US: Thruk +CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&titl ...) + NOT-FOR-US: Thruk +CVE-2021-35487 + RESERVED +CVE-2021-35486 + RESERVED +CVE-2021-35485 + RESERVED +CVE-2021-35484 + RESERVED +CVE-2021-35483 + RESERVED +CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...) + NOT-FOR-US: Barco MirrorOp Windows Sender +CVE-2021-35481 + RESERVED +CVE-2021-35480 + RESERVED +CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...) + NOT-FOR-US: Nagios Log Server +CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...) + NOT-FOR-US: Nagios Log Server +CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) + {DLA-2785-1} + - linux 5.10.46-4 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 +CVE-2021-35476 + RESERVED +CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...) 
+ NOT-FOR-US: SAS Environment Manager +CVE-2021-3618 + RESERVED + - nginx <unfixed> (bug #991328) + [bullseye] - nginx <no-dsa> (Minor issue) + [buster] - nginx <no-dsa> (Minor issue) + [stretch] - nginx <no-dsa> (Minor issue) + - vsftpd <unfixed> (bug #991329) + [bullseye] - vsftpd <no-dsa> (Minor issue) + [buster] - vsftpd <no-dsa> (Minor issue) + [stretch] - vsftpd <no-dsa> (Minor issue) + [experimental] - sendmail 8.16.1-1 + - sendmail <unfixed> (bug #991331) + [bullseye] - sendmail <no-dsa> (Minor issue) + [buster] - sendmail <no-dsa> (Minor issue) + [stretch] - sendmail <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623 + NOTE: https://alpaca-attack.com/ + NOTE: Generic TLS protocol issue, some applications have released mitigations: + NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799 + NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4) + NOTE: * Close the control connection after 10 unknown commands pre-login. + NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'. + NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname. + NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2 + NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html +CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + NOT-FOR-US: Lenovo +CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + NOT-FOR-US: Lenovo +CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...) + NOT-FOR-US: Lenovo +CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...) + NOT-FOR-US: Lenovo +CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...) 
+ {DSA-4957-1} + - trafficserver 8.1.1+ds-1.1 (bug #990303) + NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master) + NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) +CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler] + RESERVED + - lemonldap-ng 2.0.11+ds-4 + [buster] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later) + [stretch] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later) + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549 +CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...) + {DSA-4943-1} + - lemonldap-ng 2.0.11+ds-4 + [stretch] - lemonldap-ng <not-affected> (Vulnerable code not present; updateSession doesn't use in-memory cache) + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 +CVE-2021-35471 + RESERVED +CVE-2021-35470 + RESERVED +CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...) + NOT-FOR-US: Lexmark +CVE-2021-35468 + RESERVED +CVE-2021-35467 + RESERVED +CVE-2021-35466 + RESERVED +CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...) + NOT-FOR-US: ARM +CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...) + NOT-FOR-US: ForgeRock +CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...) + NOT-FOR-US: Liferay +CVE-2021-35462 + RESERVED +CVE-2021-35461 + RESERVED +CVE-2021-35460 + RESERVED +CVE-2021-35459 + RESERVED +CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...) 
+ NOT-FOR-US: Online Pet Shop We App +CVE-2021-35457 + RESERVED +CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...) + NOT-FOR-US: Online Pet Shop We App +CVE-2021-35455 + RESERVED +CVE-2021-35454 + RESERVED +CVE-2021-35453 + RESERVED +CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...) + - libde265 <unfixed> + NOTE: https://github.com/strukturag/libde265/issues/298 +CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...) + NOT-FOR-US: Teradici PCoIP Management Console-Enterprise +CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...) + NOT-FOR-US: Entando Admin Console +CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...) + NOT-FOR-US: Lexmark +CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...) + NOT-FOR-US: Emote Interactive Remote Mouse on Windows +CVE-2021-35447 + RESERVED +CVE-2021-35446 + RESERVED +CVE-2021-35445 + RESERVED +CVE-2021-35444 + RESERVED +CVE-2021-35443 + RESERVED +CVE-2021-35442 + RESERVED +CVE-2021-35441 + RESERVED +CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...) + NOT-FOR-US: Smashing +CVE-2021-35439 + RESERVED +CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...) 
+ - phpipam <itp> (bug #731713) + NOTE: https://github.com/phpipam/phpipam/issues/3351 +CVE-2021-35437 + RESERVED +CVE-2021-35436 + RESERVED +CVE-2021-35435 + RESERVED +CVE-2021-35434 + RESERVED +CVE-2021-35433 + RESERVED +CVE-2021-35432 + RESERVED +CVE-2021-35431 + RESERVED +CVE-2021-35430 + RESERVED +CVE-2021-35429 + RESERVED +CVE-2021-35428 + RESERVED +CVE-2021-35427 + RESERVED +CVE-2021-35426 + RESERVED +CVE-2021-35425 + RESERVED +CVE-2021-35424 + RESERVED +CVE-2021-35423 + RESERVED +CVE-2021-35422 + RESERVED +CVE-2021-35421 + RESERVED +CVE-2021-35420 + RESERVED +CVE-2021-35419 + RESERVED +CVE-2021-35418 + RESERVED +CVE-2021-35417 + RESERVED +CVE-2021-35416 + RESERVED +CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-35412 + RESERVED +CVE-2021-35411 + RESERVED +CVE-2021-35410 + RESERVED +CVE-2021-35409 + RESERVED +CVE-2021-35408 + RESERVED +CVE-2021-35407 + RESERVED +CVE-2021-35406 + RESERVED +CVE-2021-35405 + RESERVED +CVE-2021-35404 + RESERVED +CVE-2021-35403 + RESERVED +CVE-2021-35402 + RESERVED +CVE-2021-35401 + RESERVED +CVE-2021-35400 + RESERVED +CVE-2021-35399 + RESERVED +CVE-2021-35398 + RESERVED +CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...) + NOT-FOR-US: Drogon +CVE-2021-35396 + RESERVED +CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...) + NOT-FOR-US: Realtek Jungle SDK +CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...) + NOT-FOR-US: Realtek Jungle SDK +CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...) 
+ NOT-FOR-US: Realtek Jungle SDK +CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...) + NOT-FOR-US: Realtek Jungle SDK +CVE-2021-35391 + RESERVED +CVE-2021-35390 + RESERVED +CVE-2021-35389 + RESERVED +CVE-2021-35388 + RESERVED +CVE-2021-35387 + RESERVED +CVE-2021-35386 + RESERVED +CVE-2021-35385 + RESERVED +CVE-2021-35384 + RESERVED +CVE-2021-35383 + RESERVED +CVE-2021-35382 + RESERVED +CVE-2021-35381 + RESERVED +CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...) + NOT-FOR-US: Solari di Udine TermTalk Server (TTServer) +CVE-2021-35379 + RESERVED +CVE-2021-35378 + RESERVED +CVE-2021-35377 + RESERVED +CVE-2021-35376 + RESERVED +CVE-2021-35375 + RESERVED +CVE-2021-35374 + RESERVED +CVE-2021-35373 + RESERVED +CVE-2021-35372 + RESERVED +CVE-2021-35371 + RESERVED +CVE-2021-35370 + RESERVED +CVE-2021-35369 + RESERVED +CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...) + - modsecurity-crs 3.3.2-1 (bug #992000) + [bullseye] - modsecurity-crs 3.3.0-1+deb11u1 + [buster] - modsecurity-crs 3.1.0-1+deb10u2 + [stretch] - modsecurity-crs <no-dsa> (Minor issue) + NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/ + NOTE: https://github.com/coreruleset/coreruleset/pull/2143 + NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev) + NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2) +CVE-2021-35367 + RESERVED +CVE-2021-35366 + RESERVED +CVE-2021-35365 + RESERVED +CVE-2021-35364 + RESERVED +CVE-2021-35363 + RESERVED +CVE-2021-35362 + RESERVED +CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...) + NOT-FOR-US: dotCMS +CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...) 
+ NOT-FOR-US: dotCMS +CVE-2021-35359 + RESERVED +CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...) + NOT-FOR-US: dotCMS +CVE-2021-35357 + RESERVED +CVE-2021-35356 + RESERVED +CVE-2021-35355 + RESERVED +CVE-2021-35354 + RESERVED +CVE-2021-35353 + RESERVED +CVE-2021-35352 + RESERVED +CVE-2021-35351 + RESERVED +CVE-2021-35350 + RESERVED +CVE-2021-35349 + RESERVED +CVE-2021-35348 + RESERVED +CVE-2021-35347 + RESERVED +CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...) + NOT-FOR-US: tsMuxer +CVE-2021-35345 + RESERVED +CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...) + NOT-FOR-US: tsMuxer +CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...) + NOT-FOR-US: SeedDMS +CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...) + NOT-FOR-US: Northern.tech +CVE-2021-35341 + RESERVED +CVE-2021-35340 + RESERVED +CVE-2021-35339 + RESERVED +CVE-2021-35338 + RESERVED +CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...) + NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System +CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...) + NOT-FOR-US: Tieline IP Audio Gateway +CVE-2021-35335 + RESERVED +CVE-2021-35334 + RESERVED +CVE-2021-35333 + RESERVED +CVE-2021-35332 + RESERVED +CVE-2021-35331 (** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ...) + - tcl8.6 <unfixed> (unimportant) + NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 + NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 + NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 + NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9 + NOTE: Various other sources would embedd a copy as well, but the security impact of + NOTE: the issue tself for tcl is disputed in its significance. 
+CVE-2021-35330 + RESERVED +CVE-2021-35329 + RESERVED +CVE-2021-35328 + RESERVED +CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...) + NOT-FOR-US: TOTOLINK A720R A720R_Firmware +CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...) + NOT-FOR-US: TOTOLINK A720R router firmware +CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...) + NOT-FOR-US: TOTOLINK A720R A720R_Firmware +CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...) + NOT-FOR-US: TOTOLINK A720R A720R_Firmware +CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...) + NOT-FOR-US: bludit +CVE-2021-35322 + RESERVED +CVE-2021-35321 + RESERVED +CVE-2021-35320 + RESERVED +CVE-2021-35319 + RESERVED +CVE-2021-35318 + RESERVED +CVE-2021-35317 + RESERVED +CVE-2021-35316 + RESERVED +CVE-2021-35315 + RESERVED +CVE-2021-35314 + RESERVED +CVE-2021-35313 + REJECTED +CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...) + NOT-FOR-US: Amica Prodigy +CVE-2021-35311 + RESERVED +CVE-2021-35310 + RESERVED +CVE-2021-35309 + RESERVED +CVE-2021-35308 + RESERVED +CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...) + NOT-FOR-US: Bento4 +CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...) + NOT-FOR-US: Bento4 +CVE-2021-35305 + RESERVED +CVE-2021-35304 + RESERVED +CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...) + - zammad <itp> (bug #841355) +CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...) + - zammad <itp> (bug #841355) +CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...) + - zammad <itp> (bug #841355) +CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...) 
+ - zammad <itp> (bug #841355) +CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...) + - zammad <itp> (bug #841355) +CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...) + - zammad <itp> (bug #841355) +CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...) + NOT-FOR-US: Scalabium dBase Viewer +CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...) + NOT-FOR-US: PTCL HG150-Ub +CVE-2021-35295 + RESERVED +CVE-2021-35294 + RESERVED +CVE-2021-35293 + RESERVED +CVE-2021-35292 + RESERVED +CVE-2021-35291 + RESERVED +CVE-2021-35290 + RESERVED +CVE-2021-35289 + RESERVED +CVE-2021-35288 + RESERVED +CVE-2021-35287 + RESERVED +CVE-2021-35286 + RESERVED +CVE-2021-35285 + RESERVED +CVE-2021-35284 + RESERVED +CVE-2021-35283 + RESERVED +CVE-2021-35282 + RESERVED +CVE-2021-35281 + RESERVED +CVE-2021-35280 + RESERVED +CVE-2021-35279 + RESERVED +CVE-2021-35278 + RESERVED +CVE-2021-35277 + RESERVED +CVE-2021-35276 + RESERVED +CVE-2021-35275 + RESERVED +CVE-2021-35274 + RESERVED +CVE-2021-35273 + RESERVED +CVE-2021-35272 + RESERVED +CVE-2021-35271 + RESERVED +CVE-2021-35270 + RESERVED +CVE-2021-35269 (NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribu ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-35268 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-35267 (NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur whe ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-35266 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inod ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...) + NOT-FOR-US: MaxSite CMS +CVE-2021-35264 + RESERVED +CVE-2021-35263 + RESERVED +CVE-2021-35262 + RESERVED +CVE-2021-35261 + RESERVED +CVE-2021-35260 + RESERVED +CVE-2021-35259 + RESERVED +CVE-2021-35258 + RESERVED +CVE-2021-35257 + RESERVED +CVE-2021-35256 + RESERVED +CVE-2021-35255 + RESERVED +CVE-2021-35254 + RESERVED +CVE-2021-35253 + RESERVED +CVE-2021-35252 + RESERVED +CVE-2021-35251 + RESERVED +CVE-2021-35250 + RESERVED +CVE-2021-35249 + RESERVED +CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) + NOT-FOR-US: SolarWinds +CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...) + NOT-FOR-US: SolarWinds +CVE-2021-35246 + RESERVED +CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...) + NOT-FOR-US: SolarWinds +CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...) 
+ NOT-FOR-US: SolarWinds +CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...) + NOT-FOR-US: SolarWinds +CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...) + NOT-FOR-US: SolarWinds +CVE-2021-35241 + RESERVED +CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...) + NOT-FOR-US: SolarWinds +CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...) + NOT-FOR-US: SolarWinds +CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...) + NOT-FOR-US: Solarwinds +CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...) + NOT-FOR-US: Kiwi Syslog Server +CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...) + NOT-FOR-US: SolarWinds +CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...) + NOT-FOR-US: Kiwi Syslog Server +CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...) + NOT-FOR-US: SolarWinds +CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...) + NOT-FOR-US: Kiwi Syslog Server +CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...) + NOT-FOR-US: SolarWinds +CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) + NOT-FOR-US: Kiwi Syslog Server Installation Wizard +CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...) + NOT-FOR-US: Kiwi CatTools Installation Wizard +CVE-2021-35229 + RESERVED +CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...) + NOT-FOR-US: Solarwinds +CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...) 
+ NOT-FOR-US: Solarwinds +CVE-2021-35226 + RESERVED +CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...) + NOT-FOR-US: Solarwinds +CVE-2021-35224 + RESERVED +CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...) + NOT-FOR-US: SolarWinds +CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...) + NOT-FOR-US: SolarWinds +CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...) + NOT-FOR-US: SolarWinds +CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...) + NOT-FOR-US: SolarWinds +CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...) + NOT-FOR-US: SolarWinds +CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...) + NOT-FOR-US: Solarwinds +CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...) + NOT-FOR-US: Solarwinds +CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...) + NOT-FOR-US: Solarwinds +CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...) + NOT-FOR-US: Solarwinds +CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...) + NOT-FOR-US: Solarwinds +CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...) + NOT-FOR-US: SolarWinds +CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...) + NOT-FOR-US: SolarWinds +CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...) + NOT-FOR-US: SolarWinds +CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...) + NOT-FOR-US: OpenVPN Connect +CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...) 
+ NOT-FOR-US: Contao CMS +CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...) + NOT-FOR-US: Zimbra +CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...) + NOT-FOR-US: Zimbra +CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...) + NOT-FOR-US: Zimbra +CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...) + NOT-FOR-US: Gitpod +CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...) + NOT-FOR-US: NETSCOUT +CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...) + {DSA-4979-1 DLA-2779-1} + - mediawiki 1:1.35.3-1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/ + NOTE: https://phabricator.wikimedia.org/T280226 +CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...) 
+ - manuskript <unfixed> (bug #990366) + [bullseye] - manuskript <no-dsa> (Minor issue) + [buster] - manuskript <no-dsa> (Minor issue) + NOTE: https://github.com/olivierkes/manuskript/issues/891 +CVE-2021-35195 + RESERVED +CVE-2021-35194 + RESERVED +CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...) + NOT-FOR-US: Patterson Eaglesoft +CVE-2021-35192 + RESERVED +CVE-2021-35191 + RESERVED +CVE-2021-35190 + RESERVED +CVE-2021-35189 + RESERVED +CVE-2021-35188 + RESERVED +CVE-2021-35187 + RESERVED +CVE-2021-35186 + RESERVED +CVE-2021-35185 + RESERVED +CVE-2021-35184 + RESERVED +CVE-2021-35183 + RESERVED +CVE-2021-35182 + RESERVED +CVE-2021-35181 + RESERVED +CVE-2021-35180 + RESERVED +CVE-2021-35179 + RESERVED +CVE-2021-35178 + RESERVED +CVE-2021-35177 + RESERVED +CVE-2021-35176 + RESERVED +CVE-2021-35175 + RESERVED +CVE-2021-35174 + RESERVED +CVE-2021-35173 + RESERVED +CVE-2021-35172 + RESERVED +CVE-2021-35171 + RESERVED +CVE-2021-35170 + RESERVED +CVE-2021-35169 + RESERVED +CVE-2021-35168 + RESERVED +CVE-2021-35167 + RESERVED +CVE-2021-35166 + RESERVED +CVE-2021-35165 + RESERVED +CVE-2021-35164 + RESERVED +CVE-2021-35163 + RESERVED +CVE-2021-35162 + RESERVED +CVE-2021-35161 + RESERVED +CVE-2021-35160 + RESERVED +CVE-2021-35159 + RESERVED +CVE-2021-35158 + RESERVED +CVE-2021-35157 + RESERVED +CVE-2021-35156 + RESERVED +CVE-2021-35155 + RESERVED +CVE-2021-35154 + RESERVED +CVE-2021-35153 + RESERVED +CVE-2021-35152 + RESERVED +CVE-2021-35151 + RESERVED +CVE-2021-35150 + RESERVED +CVE-2021-35149 + RESERVED +CVE-2021-35148 + RESERVED +CVE-2021-35147 + RESERVED +CVE-2021-35146 + RESERVED +CVE-2021-35145 + RESERVED +CVE-2021-35144 + RESERVED +CVE-2021-35143 + RESERVED +CVE-2021-35142 + RESERVED +CVE-2021-35141 + RESERVED +CVE-2021-35140 + RESERVED +CVE-2021-35139 + RESERVED +CVE-2021-35138 + RESERVED +CVE-2021-35137 + RESERVED +CVE-2021-35136 + RESERVED +CVE-2021-35135 + RESERVED +CVE-2021-35134 + RESERVED +CVE-2021-35133 + RESERVED 
+CVE-2021-35132 + RESERVED +CVE-2021-35131 + RESERVED +CVE-2021-35130 + RESERVED +CVE-2021-35129 + RESERVED +CVE-2021-35128 + RESERVED +CVE-2021-35127 + RESERVED +CVE-2021-35126 + RESERVED +CVE-2021-35125 + RESERVED +CVE-2021-35124 + RESERVED +CVE-2021-35123 + RESERVED +CVE-2021-35122 + RESERVED +CVE-2021-35121 + RESERVED +CVE-2021-35120 + RESERVED +CVE-2021-35119 + RESERVED +CVE-2021-35118 + RESERVED +CVE-2021-35117 + RESERVED +CVE-2021-35116 + RESERVED +CVE-2021-35115 + RESERVED +CVE-2021-35114 + RESERVED +CVE-2021-35113 + RESERVED +CVE-2021-35112 + RESERVED +CVE-2021-35111 + RESERVED +CVE-2021-35110 + RESERVED +CVE-2021-35109 + RESERVED +CVE-2021-35108 + RESERVED +CVE-2021-35107 + RESERVED +CVE-2021-35106 + RESERVED +CVE-2021-35105 + RESERVED +CVE-2021-35104 + RESERVED +CVE-2021-35103 + RESERVED +CVE-2021-35102 + RESERVED +CVE-2021-35101 + RESERVED +CVE-2021-35100 + RESERVED +CVE-2021-35099 + RESERVED +CVE-2021-35098 + RESERVED +CVE-2021-35097 + RESERVED +CVE-2021-35096 + RESERVED +CVE-2021-35095 + RESERVED +CVE-2021-35094 + RESERVED +CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...) + NOT-FOR-US: Qualcomm +CVE-2021-35092 + RESERVED +CVE-2021-35091 + RESERVED +CVE-2021-35090 + RESERVED +CVE-2021-35089 + RESERVED +CVE-2021-35088 + RESERVED +CVE-2021-35087 + RESERVED +CVE-2021-35086 + RESERVED +CVE-2021-35085 + RESERVED +CVE-2021-35084 + RESERVED +CVE-2021-35083 + RESERVED +CVE-2021-35082 + RESERVED +CVE-2021-35081 + RESERVED +CVE-2021-35080 + RESERVED +CVE-2021-35079 + RESERVED +CVE-2021-35078 + RESERVED +CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...) + NOT-FOR-US: Qualcomm +CVE-2021-35076 + RESERVED +CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...) + NOT-FOR-US: Qualcomm +CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-35073 + RESERVED +CVE-2021-35072 + RESERVED +CVE-2021-35071 + RESERVED +CVE-2021-35070 + RESERVED +CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...) + NOT-FOR-US: Qualcomm +CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...) + NOT-FOR-US: Qualcomm +CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...) + NOT-FOR-US: Meross MSG100 devices +CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-3 + [buster] - linux 4.19.208-1 + NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ +CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...) + NOT-FOR-US: ConnectWise Automate +CVE-2021-35065 + RESERVED +CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...) + NOT-FOR-US: KramerAV VIAWare +CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." ...) + [experimental] - suricata 1:6.0.3-1~exp1 + - suricata 1:6.0.1-3 (bug #990835) + [buster] - suricata <no-dsa> (Minor issue) + [stretch] - suricata <no-dsa> (Minor issue) + NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 +CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...) + NOT-FOR-US: DRK Odenwaldkreis Testerfassung +CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...) + NOT-FOR-US: DRK Odenwaldkreis Testerfassung +CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...) + NOT-FOR-US: OpenWay WAY4 ACS +CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...) 
+ NOT-FOR-US: OpenWay WAY4 ACS +CVE-2021-35058 + RESERVED +CVE-2021-35057 + RESERVED +CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...) + NOT-FOR-US: Unisys +CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...) + NOT-FOR-US: Minecraft +CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow] + RESERVED + - qemu <unfixed> (bug #990562) + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <not-affected> (Vulnerable code introduced later) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://bugs.launchpad.net/qemu/+bug/1907497 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542 + NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0) + NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/ +CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c] + RESERVED + - imagemagick <not-affected> (Specific to Imagemagick 7) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 +CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...) + NOT-FOR-US: Kaspersky +CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...) + NOT-FOR-US: Kaspersky +CVE-2021-35051 + RESERVED +CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...) + NOT-FOR-US: Fidelis +CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + NOT-FOR-US: Fidelis +CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...) 
+ NOT-FOR-US: Fidelis +CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...) + NOT-FOR-US: Fidelis +CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...) + NOT-FOR-US: Ice Hrm +CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...) + NOT-FOR-US: Ice Hrm +CVE-2021-35044 + RESERVED +CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...) + NOT-FOR-US: OWASP AntiSamy +CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...) + - python-django <not-affected> (Vulnerable code introduced in 3.1) + NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/ + NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1 +CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...) + NOT-FOR-US: FISCO-BCOS +CVE-2021-3609 + RESERVED + {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1 +CVE-2021-35040 + RESERVED +CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...) + {DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3 + NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75 +CVE-2021-35038 + RESERVED +CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...) + NOT-FOR-US: Jamf Pro +CVE-2021-35036 + RESERVED +CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...) + NOT-FOR-US: Zyxel +CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...) 
+ NOT-FOR-US: Zyxel +CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...) + NOT-FOR-US: Zyxel +CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...) + NOT-FOR-US: Zyxel +CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...) + NOT-FOR-US: Zyxel +CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...) + NOT-FOR-US: Zyxel +CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...) + NOT-FOR-US: Zyxel +CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...) + NOT-FOR-US: Zyxel +CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...) + NOT-FOR-US: Zyxel +CVE-2021-35026 + RESERVED +CVE-2021-35025 + RESERVED +CVE-2021-35024 + RESERVED +CVE-2021-35023 + RESERVED +CVE-2021-35022 + RESERVED +CVE-2021-35021 + RESERVED +CVE-2021-35020 + RESERVED +CVE-2021-35019 + RESERVED +CVE-2021-35018 + RESERVED +CVE-2021-35017 + RESERVED +CVE-2021-35016 + RESERVED +CVE-2021-35015 + RESERVED +CVE-2021-35014 + RESERVED +CVE-2021-35013 + RESERVED +CVE-2021-35012 + RESERVED +CVE-2021-35011 + RESERVED +CVE-2021-35010 + RESERVED +CVE-2021-35009 + RESERVED +CVE-2021-35008 + RESERVED +CVE-2021-35007 + RESERVED +CVE-2021-35006 + RESERVED +CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: TeamViewer +CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2021-35002 + RESERVED +CVE-2021-35001 + RESERVED +CVE-2021-35000 + RESERVED +CVE-2021-34999 + RESERVED +CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...) 
+ NOT-FOR-US: Panda Security Free Antivirus +CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Orckestra C1 CMS +CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34990 + RESERVED +CVE-2021-34989 + RESERVED +CVE-2021-34988 + RESERVED +CVE-2021-34987 + RESERVED +CVE-2021-34986 + RESERVED +CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley ContextCapture +CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley ContextCapture +CVE-2021-34983 + RESERVED +CVE-2021-34982 + RESERVED +CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability] + RESERVED + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/ + NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1) +CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: Netgear +CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2021-34976 + RESERVED +CVE-2021-34975 + RESERVED +CVE-2021-34974 + RESERVED +CVE-2021-34973 + RESERVED +CVE-2021-34972 + RESERVED +CVE-2021-34971 + RESERVED +CVE-2021-34970 + RESERVED +CVE-2021-34969 + RESERVED +CVE-2021-34968 + RESERVED +CVE-2021-34967 + RESERVED +CVE-2021-34966 + RESERVED +CVE-2021-34965 + RESERVED +CVE-2021-34964 + RESERVED +CVE-2021-34963 + RESERVED +CVE-2021-34962 + RESERVED +CVE-2021-34961 + RESERVED +CVE-2021-34960 + RESERVED +CVE-2021-34959 + RESERVED +CVE-2021-34958 + RESERVED +CVE-2021-34957 + RESERVED +CVE-2021-34956 + RESERVED +CVE-2021-34955 + RESERVED +CVE-2021-34954 + RESERVED +CVE-2021-34953 + RESERVED +CVE-2021-34952 + RESERVED +CVE-2021-34951 + RESERVED +CVE-2021-34950 + RESERVED +CVE-2021-34949 + RESERVED +CVE-2021-34948 + RESERVED +CVE-2021-34947 + RESERVED +CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Netgear +CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14) +CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: D-Link +CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: D-Link +CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TeamViewer +CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TeamViewer +CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit PDF Reader +CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: D-Link +CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()] + RESERVED + - qemu 1:5.2+dfsg-11 (bug #990563) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3 +CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()] + RESERVED + - qemu 1:5.2+dfsg-11 (bug #990564) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349 +CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...) + - openvpn <not-affected> (Windows-specific) +CVE-2021-34826 + RESERVED +CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...) + - quassel 1:0.14.0-1 (bug #990567) + [bullseye] - quassel <no-dsa> (Minor issue) + [buster] - quassel <no-dsa> (Minor issue) + [stretch] - quassel <no-dsa> (Minor issue) + NOTE: https://github.com/quassel/quassel/pull/581 + NOTE: https://bugs.quassel-irc.org/issues/1728 + NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43 +CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...) + NOT-FOR-US: Istio +CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...) + NOT-FOR-US: ON24 ScreenShare +CVE-2021-34822 + RESERVED +CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...) 
+ NOT-FOR-US: AAT Novus Management System +CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...) + NOT-FOR-US: Novus HTTP Server +CVE-2021-34819 + RESERVED +CVE-2021-34818 + RESERVED +CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...) + - etherpad-lite <itp> (bug #576998) +CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...) + - etherpad-lite <itp> (bug #576998) +CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...) + NOT-FOR-US: CheckSec Canopy +CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...) + NOT-FOR-US: Proofpoint +CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) + [experimental] - olm 3.2.3~dfsg-1 + - olm 3.2.3~dfsg-3 (bug #989997) + [bullseye] - olm <no-dsa> (Minor issue) + [buster] - olm <no-dsa> (Minor issue) + NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b + NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3 + NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm +CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...) + NOT-FOR-US: Synology +CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...) + NOT-FOR-US: Synology +CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...) + NOT-FOR-US: Synology +CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...) + NOT-FOR-US: Synology +CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...) + NOT-FOR-US: Synology +CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...) 
+ NOT-FOR-US: Zimbra +CVE-2021-34806 + RESERVED +CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...) + NOT-FOR-US: FAUST iServer +CVE-2021-34804 + RESERVED +CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...) + NOT-FOR-US: TeamViewer +CVE-2021-34802 (A failure in resetting the security context in some transaction action ...) + NOT-FOR-US: Neo4j +CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...) + NOT-FOR-US: Valine +CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...) + NOT-FOR-US: Acronis +CVE-2021-34799 + RESERVED +CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...) + {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798 + NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1) +CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...) + NOT-FOR-US: Secure 8 (Evalos) +CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...) + NOT-FOR-US: Apache Geode +CVE-2021-34796 + RESERVED +CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...) + NOT-FOR-US: Cisco +CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...) + NOT-FOR-US: Cisco +CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...) + NOT-FOR-US: Cisco +CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...) + NOT-FOR-US: Cisco +CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...) + NOT-FOR-US: Cisco +CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...) + NOT-FOR-US: Cisco +CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...) + NOT-FOR-US: Cisco +CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...) + NOT-FOR-US: Cisco +CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) + NOT-FOR-US: Cisco +CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) + NOT-FOR-US: Cisco +CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...) + NOT-FOR-US: Cisco +CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...) + NOT-FOR-US: Cisco +CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...) + NOT-FOR-US: Cisco +CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...) + NOT-FOR-US: Cisco +CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...) + NOT-FOR-US: Cisco +CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...) + NOT-FOR-US: Cisco +CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) + NOT-FOR-US: Cisco +CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) + NOT-FOR-US: Cisco +CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) + NOT-FOR-US: Cisco +CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...) + NOT-FOR-US: Cisco +CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...) + NOT-FOR-US: Cisco +CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...) + NOT-FOR-US: Cisco +CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...) + NOT-FOR-US: Cisco +CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...) + NOT-FOR-US: Cisco +CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...) + NOT-FOR-US: Cisco +CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) + NOT-FOR-US: Cisco +CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...) + NOT-FOR-US: Cisco +CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...) + NOT-FOR-US: Cisco +CVE-2021-34753 + RESERVED +CVE-2021-34752 + RESERVED +CVE-2021-34751 + RESERVED +CVE-2021-34750 + RESERVED +CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...) + NOT-FOR-US: Cisco +CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...) + NOT-FOR-US: Cisco +CVE-2021-34747 + RESERVED +CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...) + NOT-FOR-US: Cisco +CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...) + NOT-FOR-US: .NET Agent for Windows +CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) + NOT-FOR-US: Cisco +CVE-2021-34743 (A vulnerability in the application integration feature of Cisco Webex ...) + NOT-FOR-US: Cisco +CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...) + NOT-FOR-US: Cisco +CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...) + NOT-FOR-US: Cisco +CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...) + NOT-FOR-US: Cisco +CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco Integra ...) + NOT-FOR-US: Cisco +CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...) + NOT-FOR-US: Cisco +CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...) + NOT-FOR-US: Cisco +CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...) + NOT-FOR-US: Cisco +CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...) + NOT-FOR-US: Cisco +CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...) + NOT-FOR-US: Cisco +CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...) + NOT-FOR-US: Cisco +CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...) + NOT-FOR-US: Cisco +CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...) + NOT-FOR-US: Cisco +CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34717 + RESERVED +CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...) + NOT-FOR-US: Cisco +CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...) + NOT-FOR-US: Cisco +CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) + NOT-FOR-US: Cisco +CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...) + NOT-FOR-US: Cisco +CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + NOT-FOR-US: Cisco +CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...) + NOT-FOR-US: Cisco +CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) + NOT-FOR-US: Cisco +CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...) + NOT-FOR-US: Cisco +CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...) + NOT-FOR-US: Cisco +CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...) + NOT-FOR-US: Cisco +CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...) + NOT-FOR-US: Cisco +CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...) + NOT-FOR-US: Cisco +CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...) + NOT-FOR-US: Cisco +CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...) + NOT-FOR-US: Cisco +CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...) + {DLA-2732-1} + - openexr 2.5.7-1 (bug #990899) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5) + NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if' +CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) 
+ - libphp-phpmailer <unfixed> (bug #991666) + [bullseye] - libphp-phpmailer <no-dsa> (Minor issue) + [buster] - libphp-phpmailer <no-dsa> (Minor issue) + [stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA) + NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ + NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0) +CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation] + RESERVED + - golang-github-containers-buildah <unfixed> + [bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue) + NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj + NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main) + NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21) + NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19) +CVE-2021-34695 + RESERVED +CVE-2021-34694 + RESERVED +CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) + {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1 + NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693 + NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ +CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) 
+ NOT-FOR-US: iDrive RemotePC +CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-3601 + RESERVED + - openssl1.0 <removed> + [stretch] - openssl1.0 <ignored> (Minor issue, upstream does not want to change the behavior in this old version) + - openssl 1.1.0b-2 + NOTE: Only affects 1.0.2 + NOTE: https://github.com/openssl/openssl/issues/5236 +CVE-2021-34686 + RESERVED +CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...) + NOT-FOR-US: Hitachi +CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...) + NOT-FOR-US: Hitachi +CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...) + NOT-FOR-US: EXCELLENT INFOTEK CORPORATION +CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...) + NOT-FOR-US: Receita Federal IRPF 2021 1.7 +CVE-2021-3600 + RESERVED + {DLA-2785-1} + - linux 5.10.19-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1 +CVE-2021-3599 (A potential vulnerability in the SMI callback function used to access ...) + NOT-FOR-US: Lenovo +CVE-2021-34681 + RESERVED +CVE-2021-34680 + RESERVED +CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...) + NOT-FOR-US: Thycotic Password Reset Server +CVE-2021-34678 + RESERVED +CVE-2021-34677 + RESERVED +CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...) + NOT-FOR-US: Basix NEX-Forms +CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...) 
+ NOT-FOR-US: Basix NEX-Forms +CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) + {DLA-2701-1} + - openexr 2.5.7-1 (bug #990450) + [bullseye] - openexr <no-dsa> (Minor issue) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5) + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) +CVE-2021-3597 + RESERVED + - undertow <unfixed> (bug #989861) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930 +CVE-2021-34674 + RESERVED +CVE-2021-34673 + RESERVED +CVE-2021-34672 + RESERVED +CVE-2021-34671 + RESERVED +CVE-2021-34670 + RESERVED +CVE-2021-34669 + RESERVED +CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34662 + RESERVED +CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...) 
+ NOT-FOR-US: Wordpress plugin +CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 a ...) + NOT-FOR-US: WordPress Download Manager +CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= ...) + NOT-FOR-US: WordPress Download Manager +CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtra ...) 
+ NOT-FOR-US: GTranslate (Pro and Enterprise versions) +CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...) + NOT-FOR-US: Aruba +CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...) + NOT-FOR-US: Aruba +CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...) 
+ NOT-FOR-US: Aruba +CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-34608 + RESERVED +CVE-2021-34607 + RESERVED +CVE-2021-34606 + RESERVED +CVE-2021-34605 + RESERVED +CVE-2021-34604 + RESERVED +CVE-2021-34603 + RESERVED +CVE-2021-34602 + RESERVED +CVE-2021-34601 + RESERVED +CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) + NOT-FOR-US: Telenot CompasX +CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) + NOT-FOR-US: CODESYS +CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) + NOT-FOR-US: Phoenix +CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...) + NOT-FOR-US: Phoenix Contact +CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...) + NOT-FOR-US: CODESYS +CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...) + NOT-FOR-US: CODESYS +CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...) + NOT-FOR-US: TwinCAT OPC UA Server in TF6100 and TS6100 +CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...) 
+ NOT-FOR-US: CODESYS +CVE-2021-34592 + RESERVED +CVE-2021-34591 + RESERVED +CVE-2021-34590 + RESERVED +CVE-2021-34589 + RESERVED +CVE-2021-34588 + RESERVED +CVE-2021-34587 + RESERVED +CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) + NOT-FOR-US: CODESYS +CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) + NOT-FOR-US: CODESYS +CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...) + NOT-FOR-US: CODESYS +CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...) + NOT-FOR-US: CODESYS +CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) + NOT-FOR-US: Phoenix +CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) + NOT-FOR-US: WAGO +CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can ...) + NOT-FOR-US: MB connect line +CVE-2021-34579 + RESERVED +CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...) + NOT-FOR-US: WAGO +CVE-2021-34577 + RESERVED +CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...) + NOT-FOR-US: Kaden PICOFLUX Air +CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) + NOT-FOR-US: MB connect line +CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) + NOT-FOR-US: MB connect line +CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...) + NOT-FOR-US: Enbra EWM +CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...) + NOT-FOR-US: Enbra EWM +CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...) + NOT-FOR-US: Enbra +CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...) 
+ NOT-FOR-US: Phoenix Contact PLCnext control devices +CVE-2021-34569 + RESERVED +CVE-2021-34568 + RESERVED +CVE-2021-34567 + RESERVED +CVE-2021-34566 + RESERVED +CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a pa ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c] + RESERVED + - imagemagick 8:6.9.11.57+dfsg-1 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b +CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...) 
+ {DLA-2753-1} + - libslirp 4.6.1-1 (bug #989996) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + [buster] - qemu <no-dsa> (Minor issue) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...) + {DLA-2753-1} + - libslirp 4.6.1-1 (bug #989995) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + [buster] - qemu <no-dsa> (Minor issue) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...) + - libslirp 4.6.1-1 (bug #989994) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <no-dsa> (Minor issue) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...) + - libslirp 4.6.1-1 (bug #989993) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <ignored> (Introduces a regression. 
See Debian bug #994080) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. + NOTE: The patch introduced a regression, see Debian bug #994080 for more information. +CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...) + - golang-1.16 1.16.6-1 + - golang-1.15 1.15.9-6 + - golang-1.11 <removed> + - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies) + - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies) + NOTE: https://github.com/golang/go/issues/47143 + NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x) + NOTE: key_agreement.go also bundled in various other packages +CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) + {DLA-2785-1} + - linux 5.10.46-4 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 +CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...) + - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001) + [buster] - opendmarc <not-affected> (Vulnerable code not present) + [stretch] - opendmarc <not-affected> (Vulnerable code (multi-value-From:) introduced later) + NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179 + NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178 +CVE-2021-34554 + RESERVED +CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...) 
+ NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...) + {DLA-2716-1} + - pillow 8.1.2+dfsg-0.3 (bug #991293) + [buster] - pillow <no-dsa> (Minor issue, mitigated by FORTIFY_SOURCE) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow + NOTE: https://github.com/python-pillow/Pillow/pull/5567 + NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0) +CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...) + - libphp-phpmailer <not-affected> (Windows-specific) +CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...) + {DSA-4932-1} + - tor 0.4.5.9-1 (bug #990000) + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2041 +CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...) + {DSA-4932-1} + - tor 0.4.5.9-1 (bug #990000) + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2041 +CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...) + {DSA-4932-1} + - tor 0.4.5.9-1 (bug #990000) + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2041 + NOTE: https://bugs.torproject.org/tpo/core/tor/40389 +CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...) + NOT-FOR-US: NetSetMan Pro +CVE-2021-34545 + RESERVED +CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...) + NOT-FOR-US: Solar-Log +CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...) 
+ NOT-FOR-US: Solar-Log +CVE-2021-34542 + RESERVED +CVE-2021-34541 + RESERVED +CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...) + NOT-FOR-US: Advantech WebAccess +CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...) + NOT-FOR-US: CubeCoders AMP +CVE-2021-34538 + RESERVED +CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34531 + RESERVED +CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34526 + RESERVED +CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-34515 + RESERVED +CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34506 + RESERVED +CVE-2021-34505 + RESERVED +CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-34502 + RESERVED +CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34495 + RESERVED +CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-34492 (Windows Certificate Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34491 (Win32k Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-34482 + RESERVED +CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34475 + RESERVED +CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-34472 + RESERVED +CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34465 + RESERVED +CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-34463 + RESERVED +CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-34443 + RESERVED +CVE-2021-34442 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34440 (GDI+ Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-3591 + REJECTED +CVE-2021-3590 + RESERVED + - foreman <itp> (bug #663101) +CVE-2021-3589 + RESERVED + NOT-FOR-US: Foreman Ansible +CVE-2021-34437 + RESERVED +CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...) + NOT-FOR-US: Eclipse Theia +CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...) + NOT-FOR-US: Eclipse Theia +CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...) + - mosquitto <unfixed> (bug #993400) + [buster] - mosquitto <not-affected> (Vulnerable code introduced later) + [stretch] - mosquitto <not-affected> (Vulnerable code introduced later) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324 +CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...) + NOT-FOR-US: Eclipse Californium +CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...) 
+ - mosquitto 2.0.8-1 + [buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x) + [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x) + NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6 + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 +CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...) + - mosquitto 2.0.11-1 + [bullseye] - mosquitto <no-dsa> (Minor issue) + [buster] - mosquitto <not-affected> (Vulnerable code introduced later) + [stretch] - mosquitto <not-affected> (Vulnerable code introduced later) + NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/ + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191 +CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...) + NOT-FOR-US: Eclipse TinyDTLS +CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...) + - jetty9 9.4.39-3 (bug #991188) + [buster] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37) + [stretch] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37) + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm + NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477 +CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...) + {DSA-4949-1} + - jetty9 9.4.39-2 (bug #990578) + [stretch] - jetty9 <not-affected> (vulnerable code is not present) + - jetty8 <removed> + - jetty <removed> + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 + NOTE: https://github.com/eclipse/jetty.project/issues/6277 + NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x) +CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...) 
+ NOT-FOR-US: Eclipse BIRT +CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...) + NOT-FOR-US: Keybase Client for Windows +CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...) + NOT-FOR-US: Zoom +CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...) + NOT-FOR-US: Zoom +CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...) + NOT-FOR-US: Zoom +CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...) + NOT-FOR-US: Keybase Client for Windows +CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...) + NOT-FOR-US: Keybase Client for Android and iOS +CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...) + NOT-FOR-US: Zoom Client for Meetings for Windows installer +CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...) + NOT-FOR-US: Zoom Client for Meetings for Ubuntu Linux +CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...) + NOT-FOR-US: Zoom +CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...) + NOT-FOR-US: Zoom +CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...) + NOT-FOR-US: Zoom on-premise Meeting Connector +CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...) + NOT-FOR-US: Zoom On-Premise Meeting Connector Controller +CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...) + NOT-FOR-US: Zoom On-Premise Meeting Connector Controller +CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...) + NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS +CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...) 
+ NOT-FOR-US: Zoom Client for Meetings for Windows +CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...) + NOT-FOR-US: Zoom +CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...) + NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac +CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...) + NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac +CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...) + NOT-FOR-US: Zoom Client for Meetings for Windows +CVE-2021-34407 + REJECTED +CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...) + NOT-FOR-US: NVIDIA +CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone’ ...) + NOT-FOR-US: NVIDIA +CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...) + NOT-FOR-US: NVIDIA +CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...) + NOT-FOR-US: NVIDIA +CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...) + NOT-FOR-US: NVIDIA +CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...) + NOT-FOR-US: NVIDIA +CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...) + NOT-FOR-US: NVIDIA +CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...) + NOT-FOR-US: NVIDIA +CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...) + NOT-FOR-US: NVIDIA +CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...) 
+ NOT-FOR-US: Trusty +CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...) + NOT-FOR-US: Trusty +CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...) + NOT-FOR-US: Trusty +CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) + NOT-FOR-US: Trusty +CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) + NOT-FOR-US: Trusty +CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...) + NOT-FOR-US: Trusty +CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...) + NOT-FOR-US: NVIDIA +CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...) + NOT-FOR-US: NVIDIA +CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...) + NOT-FOR-US: NVIDIA +CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) + NOT-FOR-US: NVIDIA +CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...) + NOT-FOR-US: Trusty TLK (NVIDIA) +CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) + NOT-FOR-US: NVIDIA +CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...) + NOT-FOR-US: NVIDIA +CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s t ...) + NOT-FOR-US: NVIDIA +CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...) + NOT-FOR-US: NVIDIA +CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...) + NOT-FOR-US: NVIDIA +CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) 
+ NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...) + NOT-FOR-US: rusty TLK (NVIDIA) +CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...) + NOT-FOR-US: Trusty +CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...) + NOT-FOR-US: Neo4j +CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/lo ...) + NOT-FOR-US: Accela Civic Platform +CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civi ...) + NOT-FOR-US: Accela Civic Platform +CVE-2021-34368 + REJECTED +CVE-2021-34367 + REJECTED +CVE-2021-34366 + REJECTED +CVE-2021-34365 + REJECTED +CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...) + NOT-FOR-US: Refined GitHub browser extension +CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...) + - thefuck 3.29-0.3 (bug #989989) + [buster] - thefuck <no-dsa> (Minor issue) + [stretch] - thefuck <no-dsa> (Minor issue) + NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31) + NOTE: https://github.com/nvbn/thefuck/pull/1206 +CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...) 
+ NOT-FOR-US: QNAP +CVE-2021-34361 + RESERVED +CVE-2021-34360 + RESERVED +CVE-2021-34359 + RESERVED +CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...) + NOT-FOR-US: QNAP +CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-34353 + RESERVED +CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...) + NOT-FOR-US: QNAP +CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...) + NOT-FOR-US: QNAP +CVE-2021-34350 + RESERVED +CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...) + NOT-FOR-US: QNAP +CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...) + NOT-FOR-US: QNAP +CVE-2021-34347 + RESERVED +CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...) 
+ - bluez 5.55-3.1 (bug #989700) + [buster] - bluez <not-affected> (Vulnerable code introduced later) + [stretch] - bluez <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/bluez/bluez/issues/70 + NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548 + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56) +CVE-2021-34342 + RESERVED + - ming <removed> + NOTE: https://github.com/libming/libming/issues/205 +CVE-2021-34341 + RESERVED + - ming <removed> + NOTE: https://github.com/libming/libming/issues/204 +CVE-2021-34340 + RESERVED + - ming <removed> + NOTE: https://github.com/libming/libming/issues/203 +CVE-2021-34339 + RESERVED + - ming <removed> + NOTE: https://github.com/libming/libming/issues/202 +CVE-2021-34338 + RESERVED + - ming <removed> + NOTE: https://github.com/libming/libming/issues/201 +CVE-2021-34337 [password checking timing attack in administrative REST API] + RESERVED + - mailman3 <unfixed> (bug #1004934) + [bullseye] - mailman3 <no-dsa> (Minor issue) + [buster] - mailman3 <no-dsa> (Minor issue; will be fixed via point release) + NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1) +CVE-2021-34336 + RESERVED +CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #992707) + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984 + NOTE: https://github.com/Exiv2/exiv2/pull/1750 +CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ - exiv2 0.27.5-1 (bug #992706) + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p + NOTE: https://github.com/Exiv2/exiv2/pull/1766 +CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
+ NOT-FOR-US: JT2Go +CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) 
+ NOT-FOR-US: JT2Go +CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2) ...) + NOT-FOR-US: JT2Go +CVE-2021-3586 + RESERVED + NOT-FOR-US: Maistra +CVE-2021-3585 + RESERVED + - tripleo-heat-templates <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247 +CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...) + - foreman <itp> (bug #663101) +CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...) 
+ - ansible <unfixed> + [bullseye] - ansible <no-dsa> (Minor issue) + [buster] - ansible <no-dsa> (Minor issue) + - ansible-base <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412 + NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch +CVE-2021-34290 + RESERVED +CVE-2021-34289 + RESERVED +CVE-2021-34288 + RESERVED +CVE-2021-34287 + RESERVED +CVE-2021-34286 + RESERVED +CVE-2021-34285 + RESERVED +CVE-2021-34284 + RESERVED +CVE-2021-34283 + RESERVED +CVE-2021-34282 + RESERVED +CVE-2021-34281 + RESERVED +CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...) + NOT-FOR-US: Polaris Office +CVE-2021-34279 + RESERVED +CVE-2021-34278 + RESERVED +CVE-2021-34277 + RESERVED +CVE-2021-34276 + RESERVED +CVE-2021-34275 + RESERVED +CVE-2021-34274 + RESERVED +CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...) + NOT-FOR-US: BTC2X +CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...) + NOT-FOR-US: RobotCoin +CVE-2021-34271 + RESERVED +CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...) + NOT-FOR-US: Doftcoin +CVE-2021-34269 + RESERVED +CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34266 + RESERVED +CVE-2021-34265 + RESERVED +CVE-2021-34264 + RESERVED +CVE-2021-34263 + RESERVED +CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...) 
+ NOT-FOR-US: STMicroelectronics +CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34258 + RESERVED +CVE-2021-34257 + RESERVED +CVE-2021-34256 + RESERVED +CVE-2021-34255 + RESERVED +CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...) + NOT-FOR-US: Umbraco CMS +CVE-2021-34253 + RESERVED +CVE-2021-34252 + RESERVED +CVE-2021-34251 + RESERVED +CVE-2021-34250 + RESERVED +CVE-2021-34249 + RESERVED +CVE-2021-34248 + RESERVED +CVE-2021-34247 + RESERVED +CVE-2021-34246 + RESERVED +CVE-2021-34245 + RESERVED +CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...) + NOT-FOR-US: Ice Hrm +CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...) + NOT-FOR-US: Ice Hrm +CVE-2021-34242 + RESERVED +CVE-2021-34241 + RESERVED +CVE-2021-34240 + RESERVED +CVE-2021-34239 + RESERVED +CVE-2021-34238 + RESERVED +CVE-2021-34237 + RESERVED +CVE-2021-34236 + RESERVED +CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...) + NOT-FOR-US: Tokheim Profleet DiaLOG +CVE-2021-34234 + RESERVED +CVE-2021-34233 + RESERVED +CVE-2021-34232 + RESERVED +CVE-2021-34231 + RESERVED +CVE-2021-34230 + RESERVED +CVE-2021-34229 + RESERVED +CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34227 + RESERVED +CVE-2021-34226 + RESERVED +CVE-2021-34225 + RESERVED +CVE-2021-34224 + RESERVED +CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34222 + RESERVED +CVE-2021-34221 + RESERVED +CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34219 + RESERVED +CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2021-34217 + RESERVED +CVE-2021-34216 + RESERVED +CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34214 + RESERVED +CVE-2021-34213 + RESERVED +CVE-2021-34212 + RESERVED +CVE-2021-34211 + RESERVED +CVE-2021-34210 + RESERVED +CVE-2021-34209 + RESERVED +CVE-2021-34208 + RESERVED +CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34206 + RESERVED +CVE-2021-34205 + RESERVED +CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...) + NOT-FOR-US: D-Link +CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...) + NOT-FOR-US: D-Link +CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...) + NOT-FOR-US: D-Link +CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...) + NOT-FOR-US: D-Link +CVE-2021-34200 + RESERVED +CVE-2021-34199 + RESERVED +CVE-2021-34198 + RESERVED +CVE-2021-34197 + RESERVED +CVE-2021-34196 + RESERVED +CVE-2021-34195 + RESERVED +CVE-2021-34194 + RESERVED +CVE-2021-34193 + RESERVED +CVE-2021-34192 + RESERVED +CVE-2021-34191 + RESERVED +CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) + NOT-FOR-US: Issabel PBX +CVE-2021-34189 + RESERVED +CVE-2021-34188 + RESERVED +CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...) + NOT-FOR-US: Chamilo +CVE-2021-34186 + RESERVED +CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...) + NOT-FOR-US: Miniaudio +CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...) 
+ NOT-FOR-US: Miniaudio +CVE-2021-34183 + REJECTED +CVE-2021-34182 + RESERVED +CVE-2021-34181 + RESERVED +CVE-2021-34180 + RESERVED +CVE-2021-34179 + RESERVED +CVE-2021-34178 + RESERVED +CVE-2021-34177 + RESERVED +CVE-2021-34176 + RESERVED +CVE-2021-34175 + RESERVED +CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...) + NOT-FOR-US: Broadcom +CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...) + NOT-FOR-US: Espressif +CVE-2021-34172 + RESERVED +CVE-2021-34171 + RESERVED +CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...) + NOT-FOR-US: Bandai +CVE-2021-34169 + RESERVED +CVE-2021-34168 + RESERVED +CVE-2021-34167 + RESERVED +CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34164 + RESERVED +CVE-2021-34163 + RESERVED +CVE-2021-34162 + RESERVED +CVE-2021-34161 + RESERVED +CVE-2021-34160 + RESERVED +CVE-2021-34159 + RESERVED +CVE-2021-34158 + RESERVED +CVE-2021-34157 + RESERVED +CVE-2021-34156 + RESERVED +CVE-2021-34155 + RESERVED +CVE-2021-34154 + RESERVED +CVE-2021-34153 + RESERVED +CVE-2021-34152 + RESERVED +CVE-2021-34151 + RESERVED +CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...) + NOT-FOR-US: Bluetrum +CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...) + NOT-FOR-US: Texas Instruments CC256XCQFN-EM +CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) + NOT-FOR-US: Cypress +CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) + NOT-FOR-US: Cypress +CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...) 
+ NOT-FOR-US: Cypress +CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) + NOT-FOR-US: Cypress +CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-34142 + RESERVED +CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...) + - numpy <unfixed> + [bullseye] - numpy <no-dsa> (Minor issue) + NOTE: https://github.com/numpy/numpy/issues/18993 + NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0) +CVE-2021-34140 + RESERVED +CVE-2021-34139 + RESERVED +CVE-2021-34138 + RESERVED +CVE-2021-34137 + RESERVED +CVE-2021-34136 + RESERVED +CVE-2021-34135 + RESERVED +CVE-2021-34134 + RESERVED +CVE-2021-34133 + RESERVED +CVE-2021-34132 + RESERVED +CVE-2021-34131 + RESERVED +CVE-2021-34130 + RESERVED +CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...) + NOT-FOR-US: LaikeTui +CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...) + NOT-FOR-US: LaikeTui +CVE-2021-34127 + RESERVED +CVE-2021-34126 + RESERVED +CVE-2021-34125 + RESERVED +CVE-2021-34124 + RESERVED +CVE-2021-34123 + RESERVED +CVE-2021-34122 + RESERVED +CVE-2021-34121 + RESERVED +CVE-2021-34120 + RESERVED +CVE-2021-34119 + RESERVED +CVE-2021-34118 + RESERVED +CVE-2021-34117 + RESERVED +CVE-2021-34116 + RESERVED +CVE-2021-34115 + RESERVED +CVE-2021-34114 + RESERVED +CVE-2021-34113 + RESERVED +CVE-2021-34112 + RESERVED +CVE-2021-34111 + RESERVED +CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...) 
+ NOT-FOR-US: WinWaste.NET +CVE-2021-34109 + RESERVED +CVE-2021-34108 + RESERVED +CVE-2021-34107 + RESERVED +CVE-2021-34106 + RESERVED +CVE-2021-34105 + RESERVED +CVE-2021-34104 + RESERVED +CVE-2021-34103 + RESERVED +CVE-2021-34102 + RESERVED +CVE-2021-34101 + RESERVED +CVE-2021-34100 + RESERVED +CVE-2021-34099 + RESERVED +CVE-2021-34098 + RESERVED +CVE-2021-34097 + RESERVED +CVE-2021-34096 + RESERVED +CVE-2021-34095 + RESERVED +CVE-2021-34094 + RESERVED +CVE-2021-34093 + RESERVED +CVE-2021-34092 + RESERVED +CVE-2021-34091 + RESERVED +CVE-2021-34090 + RESERVED +CVE-2021-34089 + RESERVED +CVE-2021-34088 + RESERVED +CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...) + NOT-FOR-US: Ultimaker +CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...) + NOT-FOR-US: Ultimaker +CVE-2021-34085 + RESERVED +CVE-2021-34084 + RESERVED +CVE-2021-34083 + RESERVED +CVE-2021-34082 + RESERVED +CVE-2021-34081 + RESERVED +CVE-2021-34080 + RESERVED +CVE-2021-34079 + RESERVED +CVE-2021-34078 + RESERVED +CVE-2021-34077 + RESERVED +CVE-2021-34076 + RESERVED +CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remot ...) + NOT-FOR-US: PandoraFMS +CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34072 + RESERVED +CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) + NOT-FOR-US: tsMuxer +CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...) + NOT-FOR-US: tsMuxer +CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...) + NOT-FOR-US: tsMuxer +CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) 
+ NOT-FOR-US: tsMuxer +CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) + NOT-FOR-US: tsMuxer +CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...) + NOT-FOR-US: EdgeGallery/developer +CVE-2021-34065 + RESERVED +CVE-2021-34064 + RESERVED +CVE-2021-34063 + RESERVED +CVE-2021-34062 + RESERVED +CVE-2021-34061 + RESERVED +CVE-2021-34060 + RESERVED +CVE-2021-34059 + RESERVED +CVE-2021-34058 + RESERVED +CVE-2021-34057 + RESERVED +CVE-2021-34056 + RESERVED +CVE-2021-34055 + RESERVED +CVE-2021-34054 + RESERVED +CVE-2021-34053 + RESERVED +CVE-2021-34052 + RESERVED +CVE-2021-34051 + RESERVED +CVE-2021-34050 + RESERVED +CVE-2021-34049 + RESERVED +CVE-2021-34048 + RESERVED +CVE-2021-34047 + RESERVED +CVE-2021-34046 + RESERVED +CVE-2021-34045 + RESERVED +CVE-2021-34044 + RESERVED +CVE-2021-34043 + RESERVED +CVE-2021-34042 + RESERVED +CVE-2021-34041 + RESERVED +CVE-2021-34040 + RESERVED +CVE-2021-34039 + RESERVED +CVE-2021-34038 + RESERVED +CVE-2021-34037 + RESERVED +CVE-2021-34036 + RESERVED +CVE-2021-34035 + RESERVED +CVE-2021-34034 + RESERVED +CVE-2021-34033 + RESERVED +CVE-2021-34032 + RESERVED +CVE-2021-34031 + RESERVED +CVE-2021-34030 + RESERVED +CVE-2021-34029 + RESERVED +CVE-2021-34028 + RESERVED +CVE-2021-34027 + RESERVED +CVE-2021-34026 + RESERVED +CVE-2021-34025 + RESERVED +CVE-2021-34024 + RESERVED +CVE-2021-34023 + RESERVED +CVE-2021-34022 + RESERVED +CVE-2021-34021 + RESERVED +CVE-2021-34020 + RESERVED +CVE-2021-34019 + RESERVED +CVE-2021-34018 + RESERVED +CVE-2021-34017 + RESERVED +CVE-2021-34016 + RESERVED +CVE-2021-34015 + RESERVED +CVE-2021-34014 + RESERVED +CVE-2021-34013 + RESERVED +CVE-2021-34012 + RESERVED +CVE-2021-34011 + RESERVED +CVE-2021-34010 + RESERVED +CVE-2021-34009 + RESERVED +CVE-2021-34008 + RESERVED +CVE-2021-34007 + RESERVED +CVE-2021-34006 + RESERVED +CVE-2021-34005 + RESERVED +CVE-2021-34004 + RESERVED +CVE-2021-34003 + RESERVED +CVE-2021-34002 + RESERVED 
+CVE-2021-34001 + RESERVED +CVE-2021-34000 + RESERVED +CVE-2021-33999 + RESERVED +CVE-2021-33998 + RESERVED +CVE-2021-33997 + RESERVED +CVE-2021-33996 + RESERVED +CVE-2021-33995 + RESERVED +CVE-2021-33994 + RESERVED +CVE-2021-33993 + RESERVED +CVE-2021-33992 + RESERVED +CVE-2021-33991 + RESERVED +CVE-2021-33990 + RESERVED +CVE-2021-33989 + RESERVED +CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...) + NOT-FOR-US: Microweber CMS +CVE-2021-33987 + RESERVED +CVE-2021-33986 + RESERVED +CVE-2021-33985 + RESERVED +CVE-2021-33984 + RESERVED +CVE-2021-33983 + RESERVED +CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...) + NOT-FOR-US: "Fish | Hunt FL" iOS app +CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...) + NOT-FOR-US: "Fish | Hunt FL" iOS app +CVE-2021-33980 + RESERVED +CVE-2021-33979 + RESERVED +CVE-2021-33978 + RESERVED +CVE-2021-33977 + RESERVED +CVE-2021-33976 + RESERVED +CVE-2021-33975 + RESERVED +CVE-2021-33974 + RESERVED +CVE-2021-33973 + RESERVED +CVE-2021-33972 + RESERVED +CVE-2021-33971 + RESERVED +CVE-2021-33970 + RESERVED +CVE-2021-33969 + RESERVED +CVE-2021-33968 + RESERVED +CVE-2021-33967 + RESERVED +CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...) + - spotweb <removed> + [buster] - spotweb <no-dsa> (Minor issue) + [stretch] - spotweb <postponed> (Minor issue; possible reflected XSS with unconclusive PoC "proof") + NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html +CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) 
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface +CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33961 + RESERVED +CVE-2021-33960 + RESERVED +CVE-2021-33959 + RESERVED +CVE-2021-33958 + RESERVED +CVE-2021-33957 + RESERVED +CVE-2021-33956 + RESERVED +CVE-2021-33955 + RESERVED +CVE-2021-33954 + RESERVED +CVE-2021-33953 + RESERVED +CVE-2021-33952 + RESERVED +CVE-2021-33951 + RESERVED +CVE-2021-33950 + RESERVED +CVE-2021-33949 + RESERVED +CVE-2021-33948 + RESERVED +CVE-2021-33947 + RESERVED +CVE-2021-33946 + RESERVED +CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...) + NOT-FOR-US: RICOH +CVE-2021-33944 + RESERVED +CVE-2021-33943 + RESERVED +CVE-2021-33942 + RESERVED +CVE-2021-33941 + RESERVED +CVE-2021-33940 + RESERVED +CVE-2021-33939 + RESERVED +CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...) + - libsolv 0.7.17-1 + [buster] - libsolv <no-dsa> (Minor issue) + [stretch] - libsolv <no-dsa> (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/420 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33937 + RESERVED +CVE-2021-33936 + RESERVED +CVE-2021-33935 + RESERVED +CVE-2021-33934 + RESERVED +CVE-2021-33933 + RESERVED +CVE-2021-33932 + RESERVED +CVE-2021-33931 + RESERVED +CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...) + - libsolv 0.7.17-1 + [buster] - libsolv <no-dsa> (Minor issue) + [stretch] - libsolv <no-dsa> (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...) 
+ - libsolv 0.7.17-1 + [buster] - libsolv <no-dsa> (Minor issue) + [stretch] - libsolv <no-dsa> (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...) + - libsolv 0.7.17-1 + [buster] - libsolv <no-dsa> (Minor issue) + [stretch] - libsolv <no-dsa> (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33927 + RESERVED +CVE-2021-33926 + RESERVED +CVE-2021-33925 + RESERVED +CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...) + NOT-FOR-US: Confluent Ansible +CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...) + NOT-FOR-US: Confluent Ansible +CVE-2021-33922 + RESERVED +CVE-2021-33921 + RESERVED +CVE-2021-33920 + RESERVED +CVE-2021-33919 + RESERVED +CVE-2021-33918 + RESERVED +CVE-2021-33917 + RESERVED +CVE-2021-33916 + RESERVED +CVE-2021-33915 + RESERVED +CVE-2021-33914 + RESERVED +CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...) + {DLA-2890-1} + - libspf2 1.2.10-7.1 + [bullseye] - libspf2 1.2.10-7.1~deb11u1 + [buster] - libspf2 1.2.10-7.1~deb10u1 + NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure + NOTE: https://github.com/shevek/libspf2/pull/35 + NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070 +CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...) 
+ {DLA-2890-1} + - libspf2 1.2.10-7.1 + [bullseye] - libspf2 1.2.10-7.1~deb11u1 + [buster] - libspf2 1.2.10-7.1~deb10u1 + NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure + NOTE: https://github.com/shevek/libspf2/pull/35 + NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d +CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...) + NOT-FOR-US: Zoho +CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...) + {DSA-4942-1 DLA-2715-1} + - systemd 247.3-6 + NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt + NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220) + NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix) + NOTE: https://github.com/systemd/systemd/pull/20256 +CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...) + {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-2 + NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt + NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b +CVE-2021-33908 + RESERVED +CVE-2021-3587 + REJECTED +CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device] + RESERVED + - qemu 1:5.2+dfsg-11 (bug #990565) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <not-affected> (Vulnerable code introduced later) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html +CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...) 
+ NOT-FOR-US: Zoom Client for Meetings for Windows +CVE-2021-33906 + RESERVED +CVE-2021-33905 + RESERVED +CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...) + NOT-FOR-US: Accela Civic Platform +CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...) + NOT-FOR-US: LANCOM +CVE-2021-33902 + RESERVED +CVE-2021-33901 + RESERVED +CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...) + - apache-directory-studio <itp> (bug #733044) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1 +CVE-2021-33899 + RESERVED +CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...) + NOT-FOR-US: Invoice Ninja +CVE-2021-33897 + RESERVED +CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...) + - dino-im 0.2.0-3 + [buster] - dino-im <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2 + NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master) + NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1) +CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...) + NOT-FOR-US: ETINET +CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...) + NOT-FOR-US: Progress MOVEit +CVE-2021-33893 + RESERVED +CVE-2021-33892 + RESERVED +CVE-2021-33891 + RESERVED +CVE-2021-33890 + RESERVED +CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...) + NOT-FOR-US: OpenThread wpantund +CVE-2021-33888 + RESERVED +CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...) + NOT-FOR-US: Peloton TTR01 +CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...) + NOT-FOR-US: B. 
Braun SpaceCom2 +CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...) + NOT-FOR-US: NXP +CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...) + - python-websockets 9.1-1 (bug #989561) + [buster] - python-websockets <not-affected> (Vulnerable code introduced in 8.0) + [stretch] - python-websockets <not-affected> (Vulnerable code introduced in 8.0) + NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 +CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...) + NOT-FOR-US: Tencent +CVE-2021-33878 + RESERVED +CVE-2021-33877 + RESERVED +CVE-2021-33876 + RESERVED +CVE-2021-33875 + RESERVED +CVE-2021-33874 + RESERVED +CVE-2021-33873 + RESERVED +CVE-2021-33872 + RESERVED +CVE-2021-33871 + RESERVED +CVE-2021-33870 + RESERVED +CVE-2021-33869 + RESERVED +CVE-2021-33868 + RESERVED +CVE-2021-33867 + RESERVED +CVE-2021-33866 + RESERVED +CVE-2021-33865 + RESERVED +CVE-2021-33864 + RESERVED +CVE-2021-33863 + RESERVED +CVE-2021-33862 + RESERVED +CVE-2021-33861 + RESERVED +CVE-2021-33860 + RESERVED +CVE-2021-33859 + RESERVED +CVE-2021-33858 + RESERVED +CVE-2021-33857 + RESERVED +CVE-2021-33856 + RESERVED +CVE-2021-33855 + RESERVED +CVE-2021-33854 + RESERVED +CVE-2021-33853 + RESERVED +CVE-2021-33852 + RESERVED +CVE-2021-33851 + RESERVED +CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...) + NOT-FOR-US: Zoho +CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...) + {DSA-4933-1 DLA-2760-1} + - nettle 3.7.3-1 (bug #989631) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983 + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c +CVE-2021-33844 + RESERVED +CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...) + NOT-FOR-US: Circutor SGE-PLC1000 firmware +CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...) + NOT-FOR-US: SGE-PLC1000 device +CVE-2021-23210 + RESERVED +CVE-2021-23172 + RESERVED +CVE-2021-23159 + RESERVED +CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...) + NOT-FOR-US: Luca +CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) + NOT-FOR-US: Luca +CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) + NOT-FOR-US: Luca +CVE-2021-33837 + RESERVED +CVE-2021-33836 + RESERVED +CVE-2021-33835 + RESERVED +CVE-2021-33834 + RESERVED +CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...) 
+ {DLA-2915-1} + - connman 1.36-2.2 (bug #989662) + [buster] - connman 1.36-2.1~deb10u2 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c +CVE-2021-33832 + RESERVED +CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...) + NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany) +CVE-2021-33830 + RESERVED +CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) + {DLA-2813-1} + - ckeditor 4.16.0+dfsg-2 + [buster] - ckeditor <no-dsa> (Minor issue) + NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser + NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed +CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...) + - owncloud <removed> +CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...) + - owncloud <removed> +CVE-2021-33826 + RESERVED +CVE-2021-33825 + RESERVED +CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + NOT-FOR-US: MOXA +CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + NOT-FOR-US: MOXA +CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...) + NOT-FOR-US: 4GEE ROUTER HH70VB +CVE-2021-33821 + RESERVED +CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + NOT-FOR-US: UniFi Protect G3 FLEX Camera +CVE-2021-33819 + RESERVED +CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + NOT-FOR-US: UniFi Protect G3 FLEX Camera +CVE-2021-33817 + RESERVED +CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...) 
+ - dolibarr <removed> +CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...) + [experimental] - ffmpeg <unfixed> + - ffmpeg <not-affected> (Vulnerable code not present, introduced in cc85ca1cb34) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 +CVE-2021-33814 + RESERVED +CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...) + {DLA-2712-1 DLA-2696-1} + - libjdom2-intellij-java <unfixed> (bug #990673) + [bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue) + [buster] - libjdom2-intellij-java <no-dsa> (Minor issue) + - libjdom2-java 2.0.6-2.1 (bug #990671) + [buster] - libjdom2-java <no-dsa> (Minor issue) + - libjdom1-java 1.1.3-2.1 (bug #990672) + [buster] - libjdom1-java <no-dsa> (Minor issue) + NOTE: https://github.com/hunterhacker/jdom/pull/188 + NOTE: https://alephsecurity.com/vulns/aleph-2021003 + NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e + NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011 + NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361 + NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5 +CVE-2021-33812 + RESERVED +CVE-2021-33811 + RESERVED +CVE-2021-33810 + RESERVED +CVE-2021-33809 + RESERVED +CVE-2021-33808 + RESERVED +CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...) + NOT-FOR-US: Cartadis Gespage +CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...) + NOT-FOR-US: Bitdefender +CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...) 
+ - isync 1.3.0-2.2 (bug #989564) + [buster] - isync 1.3.0-2.2~deb10u1 + [stretch] - isync <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1 +CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...) + NOT-FOR-US: BDew BdLib library +CVE-2021-33805 + REJECTED +CVE-2021-3577 (An unauthenticated remote code execution vulnerability was reported in ...) + NOT-FOR-US: Binatone +CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...) + NOT-FOR-US: Bitdefender +CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS] + RESERVED + - openjpeg2 <unfixed> (bug #989775) + [bullseye] - openjpeg2 <no-dsa> (Minor issue) + [buster] - openjpeg2 <no-dsa> (Minor issue) + [stretch] - openjpeg2 <no-dsa> (Minor issue) + NOTE: https://github.com/uclouvain/openjpeg/issues/1347 +CVE-2021-3574 + RESERVED +CVE-2021-33804 + RESERVED +CVE-2021-33803 + RESERVED +CVE-2021-33802 + RESERVED +CVE-2021-33801 + RESERVED +CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...) + NOT-FOR-US: Alibaba Druid +CVE-2021-33799 + RESERVED +CVE-2021-33798 + RESERVED +CVE-2021-33797 + RESERVED +CVE-2021-33796 + RESERVED +CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2 +CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...) + NOT-FOR-US: Foxit +CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...) + NOT-FOR-US: Foxit Reader +CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) + NOT-FOR-US: Foxit Reader +CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) 
+ NOT-FOR-US: Foxit +CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...) + - python-pip 20.3.4-2 + [buster] - python-pip <no-dsa> (Minor issue) + [stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA) + NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957 + NOTE: https://github.com/pypa/pip/pull/9827 + NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1) +CVE-2021-33791 + REJECTED +CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...) + - linuxptp 3.1-2.1 (bug #990749) + [buster] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0) + [stretch] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0) + NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master) + NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 +CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...) + {DSA-4938-1 DLA-2723-1} + - linuxptp 3.1-2.1 (bug #990748) + NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master) + NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1) + NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3) + NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 +CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...) + NOT-FOR-US: RebornCore +CVE-2021-33789 + RESERVED +CVE-2021-33788 (Windows LSA Denial of Service Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33787 + RESERVED +CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-33770 + RESERVED +CVE-2021-33769 + RESERVED +CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33765 (Windows Installer Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...) + NOT-FOR-US: Microsoft +CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33748 + RESERVED +CVE-2021-33747 + RESERVED +CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...) + - libtpms 0.8.2-1 + NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0) + NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2) +CVE-2021-3568 + RESERVED +CVE-2021-3567 + RESERVED + - caribou 0.4.21-7.1 (bug #980061) + [buster] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2) + [stretch] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2) + NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060 + NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3 + NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6 +CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) 
+ NOT-FOR-US: JT2Go +CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...) + NOT-FOR-US: Siemens +CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...) 
+ NOT-FOR-US: Siemens +CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) + NOT-FOR-US: Siemens +CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) + NOT-FOR-US: Siemens +CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Mendix Applications +CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...) + NOT-FOR-US: JT2Go +CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...) + NOT-FOR-US: Siemens +CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...) + NOT-FOR-US: Mendix SAML Module +CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...) + NOT-FOR-US: Kyma +CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...) + NOT-FOR-US: SAP +CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...) + NOT-FOR-US: InfraBox +CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...) + NOT-FOR-US: SAP +CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...) 
+ NOT-FOR-US: SAP +CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...) + NOT-FOR-US: NetWeaver +CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...) + NOT-FOR-US: NetWeaver +CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...) + NOT-FOR-US: SAP +CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...) + NOT-FOR-US: SAP +CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...) + NOT-FOR-US: Android +CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...) + NOT-FOR-US: SAP +CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...) + NOT-FOR-US: SAP +CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...) + NOT-FOR-US: SAP +CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...) + NOT-FOR-US: SAP +CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...) + NOT-FOR-US: SAP +CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...) + NOT-FOR-US: SAP +CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...) + NOT-FOR-US: SAP +CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...) + NOT-FOR-US: SAP +CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...) + NOT-FOR-US: SAP +CVE-2021-33689 (When user with insufficient privileges tries to access any application ...) + NOT-FOR-US: SAP +CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...) + NOT-FOR-US: SAP +CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...) 
+ NOT-FOR-US: SAP +CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...) + NOT-FOR-US: SAP +CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...) + NOT-FOR-US: SAP +CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...) + NOT-FOR-US: SAP +CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...) + NOT-FOR-US: SAP +CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...) + NOT-FOR-US: SAP +CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...) + NOT-FOR-US: SAP +CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...) + NOT-FOR-US: SAP +CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...) + NOT-FOR-US: SAP +CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...) + NOT-FOR-US: SAP +CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...) + NOT-FOR-US: SAP +CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...) + NOT-FOR-US: SAP +CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...) + NOT-FOR-US: SAP +CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...) + NOT-FOR-US: SAP +CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...) + NOT-FOR-US: SAP +CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...) + NOT-FOR-US: SAP +CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...) 
+ NOT-FOR-US: SAP +CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...) + NOT-FOR-US: SAP +CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...) + NOT-FOR-US: SAP +CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...) + NOT-FOR-US: SAP +CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...) + NOT-FOR-US: SAP +CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...) + NOT-FOR-US: SAP +CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...) + NOT-FOR-US: SAP +CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...) + NOT-FOR-US: SAP +CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ NOT-FOR-US: SAP +CVE-2021-33658 + RESERVED +CVE-2021-33657 + RESERVED +CVE-2021-33656 + RESERVED +CVE-2021-33655 + RESERVED +CVE-2021-33654 + RESERVED +CVE-2021-33653 + RESERVED +CVE-2021-33652 + RESERVED +CVE-2021-33651 + RESERVED +CVE-2021-33650 + RESERVED +CVE-2021-33649 + RESERVED +CVE-2021-33648 + RESERVED +CVE-2021-33647 + RESERVED +CVE-2021-33646 + RESERVED +CVE-2021-33645 + RESERVED +CVE-2021-33644 + RESERVED +CVE-2021-33643 + RESERVED +CVE-2021-33642 + RESERVED +CVE-2021-33641 + RESERVED +CVE-2021-33640 + RESERVED +CVE-2021-33639 + RESERVED +CVE-2021-33638 + RESERVED +CVE-2021-33637 + RESERVED +CVE-2021-33636 + RESERVED +CVE-2021-33635 + RESERVED +CVE-2021-33634 + RESERVED +CVE-2021-33633 + RESERVED +CVE-2021-33632 + RESERVED +CVE-2021-33631 + RESERVED +CVE-2021-33630 + RESERVED +CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...) + NOT-FOR-US: isula-build +CVE-2021-33628 + RESERVED +CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...) + NOT-FOR-US: Insyde +CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...) + NOT-FOR-US: Insyde +CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...) + NOT-FOR-US: Insyde +CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...) + {DLA-2785-1} + - linux 5.10.46-1 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1 +CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...) 
+ - node-trim-newlines 3.0.0+~3.0.0-1 + [bullseye] - node-trim-newlines <no-dsa> (Minor issue) + [buster] - node-trim-newlines <no-dsa> (Minor issue) + [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v +CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...) + [experimental] - singularity-container 3.9.4+ds2-1 + - singularity-container <unfixed> (bug #990201) + NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622- +CVE-2021-33621 + RESERVED +CVE-2021-33619 + RESERVED +CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...) + - dolibarr <removed> +CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-33616 + RESERVED +CVE-2021-33615 + RESERVED +CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 + - squid3 <removed> + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch +CVE-2021-33614 + RESERVED +CVE-2021-33613 + RESERVED +CVE-2021-33612 + RESERVED +CVE-2021-33611 (Missing output sanitization in test sources in org.webjars.bowergithub ...) + NOT-FOR-US: vaadin-menu-bar +CVE-2021-33610 + RESERVED +CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...) + NOT-FOR-US: Vaadin +CVE-2021-33608 + RESERVED +CVE-2021-33607 + RESERVED +CVE-2021-33606 + RESERVED +CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...) + NOT-FOR-US: com.vaadin:vaadin-checkbox-flow +CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...) 
+ NOT-FOR-US: com.vaadin:flow-server +CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...) + NOT-FOR-US: F-Secure +CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...) + NOT-FOR-US: F-Secure +CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...) + NOT-FOR-US: F-Secure +CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...) + NOT-FOR-US: F-Secure Antivirus +CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...) + NOT-FOR-US: F-Secure +CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...) + NOT-FOR-US: F-Secure +CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...) + NOT-FOR-US: Safe Browser for iOS +CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...) + NOT-FOR-US: Safe Browser for Android +CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...) + NOT-FOR-US: Whale browser for iOS +CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...) + NOT-FOR-US: NAVER Toolbar +CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...) + NOT-FOR-US: Naver Comic Viewer +CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...) + NOT-FOR-US: GattLib +CVE-2021-33589 + RESERVED +CVE-2021-33588 + RESERVED +CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...) 
+ - node-css-what 5.0.1-1 (bug #989264) + [bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series) + [buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series) + [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655 + NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1 +CVE-2021-33585 + RESERVED +CVE-2021-33584 + RESERVED +CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...) + NOT-FOR-US: REINER +CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...) + - cyrus-imapd 3.4.2-1 (bug #993433) + [bullseye] - cyrus-imapd 3.2.6-2+deb11u1 + [buster] - cyrus-imapd 3.0.8-6+deb10u6 + [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release) + - cyrus-imapd-2.4 <removed> + NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released + NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master) + NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master) + NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master) +CVE-2021-33581 + RESERVED +CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...) + NOT-FOR-US: Apache Roller +CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...) 
+ - inspircd 3.8.1-2 (bug #989144) + [buster] - inspircd <not-affected> (Vulnerable code not present) + [stretch] - inspircd <not-affected> (Vulnerable code not present) + NOTE: https://docs.inspircd.org/security/2021-01/ + NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d +CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...) + {DLA-2742-1} + - ffmpeg 7:4.3-2 + [buster] - ffmpeg <postponed> (Wait for 4.1.9) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 +CVE-2021-33579 + RESERVED +CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...) + NOT-FOR-US: Cleo LexiCom +CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...) + NOT-FOR-US: Cleo LexiCom +CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...) + NOT-FOR-US: ruby-jss gem +CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...) 
+ [experimental] - glibc 2.32-0experimental0 + - glibc 2.32-1 (bug #989147) + [bullseye] - glibc <no-dsa> (Minor issue) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 + NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604 + NOTE: is not opened, CVE-2021-38604 information: + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 +CVE-2021-33573 + RESERVED +CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...) + NOT-FOR-US: F-Secure +CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...) + {DLA-2676-1} + - python-django 2:2.2.24-1 (bug #989394) + [buster] - python-django <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 + NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main) + NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24) +CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...) + NOT-FOR-US: Postbird +CVE-2021-33569 + RESERVED +CVE-2021-33568 + RESERVED +CVE-2021-33567 + RESERVED +CVE-2021-33566 + RESERVED +CVE-2021-33565 + RESERVED +CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...) 
+ - tpm2-tools 5.0-2 (bug #989148) + [buster] - tpm2-tools <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427 + NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738 + NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515 +CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...) + NOT-FOR-US: Dragonfly gem +CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...) + NOT-FOR-US: Koel +CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...) + NOT-FOR-US: Shopizer +CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...) + NOT-FOR-US: Shopizer +CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...) + {DLA-2691-1} + - libgcrypt20 1.8.7-6 + [buster] - libgcrypt20 1.8.4-5+deb10u1 + NOTE: https://dev.gnupg.org/T5328 + NOTE: https://eprint.iacr.org/2021/923.pdf + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x) + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x) + NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of + NOTE: CVE-2021-40528 and CVE-2021-33560. +CVE-2021-33559 + RESERVED +CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...) + - boa <removed> +CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...) + - mantis <removed> +CVE-2021-33556 + RESERVED +CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename paramet ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) 
+ NOT-FOR-US: UDP Technology +CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebrück and other v ...) + NOT-FOR-US: UDP Technology +CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...) + NOT-FOR-US: Phoenix +CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...) + NOT-FOR-US: Phoenix +CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...) + NOT-FOR-US: Phoenix +CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) 
+ NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) + NOT-FOR-US: Weidmueller Industrial WLAN devices +CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) + NOT-FOR-US: MB connect line +CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) + NOT-FOR-US: MB connect line +CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...) + NOT-FOR-US: EyesOfNetwork (EON) eonweb +CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...) 
+ {DLA-2690-1 DLA-2689-1} + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1 +CVE-2021-33524 + RESERVED +CVE-2021-33523 + RESERVED +CVE-2021-33522 + RESERVED +CVE-2021-33521 + RESERVED +CVE-2021-33520 + RESERVED +CVE-2021-33519 + RESERVED +CVE-2021-33518 + RESERVED +CVE-2021-33517 + RESERVED +CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...) + [experimental] - gupnp 1.2.7-1 + - gupnp <unfixed> (bug #989098) + [bullseye] - gupnp <no-dsa> (Minor issue) + [buster] - gupnp <no-dsa> (Minor issue) + [stretch] - gupnp <no-dsa> (Minor issue) + NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 + NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 + NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0) + NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master) +CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...) + - dovecot 1:2.3.13+dfsg1-2 (bug #990566) + [bullseye] - dovecot <postponed> (Minor issue, fix along with next update) + [buster] - dovecot <postponed> (Minor issue, fix along with next update) + [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later) + NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html + NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2 +CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...) + NOT-FOR-US: Plone +CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...) + NOT-FOR-US: Plone +CVE-2021-33511 (Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...) 
+ NOT-FOR-US: Plone +CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...) + NOT-FOR-US: Plone +CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...) + NOT-FOR-US: Plone +CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...) + NOT-FOR-US: Plone +CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...) + NOT-FOR-US: Zope Products.CMFCore (as used in Plone) +CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...) + NOT-FOR-US: jitsi-meet-prosody +CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...) + - falco <itp> (bug #842306) +CVE-2021-33504 + RESERVED +CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...) + - python-urllib3 1.26.5-1~exp1 (bug #989848) + [buster] - python-urllib3 <no-dsa> (Minor issue) + [stretch] - python-urllib3 <ignored> (Intrusive to backport) + NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg + NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec +CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...) + - node-got 11.8.1+~cs53.13.17-3 (bug #989258) + [buster] - node-got <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 + NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103 +CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...) + NOT-FOR-US: Overwolf +CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...) + - putty <not-affected> (Windows-specific) +CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...) 
+ NOT-FOR-US: Pexip Infinity +CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...) + NOT-FOR-US: Pexip Infinity +CVE-2021-3563 + RESERVED + - keystone <unfixed> (bug #989998) + [bullseye] - keystone <no-dsa> (Minor issue) + [buster] - keystone <no-dsa> (Minor issue) + [stretch] - keystone <end-of-life> (Keystone is not supported in stretch) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908 + NOTE: https://bugs.launchpad.net/keystone/+bug/1901891 +CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...) + NOT-FOR-US: Dutchcoders transfer.sh +CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...) + NOT-FOR-US: Dutchcoders transfer.sh +CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...) + NOT-FOR-US: OX App Suite +CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...) + NOT-FOR-US: OX App Suite +CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...) + NOT-FOR-US: OX App Suite +CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...) + NOT-FOR-US: OX App Suite +CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...) + NOT-FOR-US: OX App Suite +CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...) + NOT-FOR-US: OX App Suite +CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...) + NOT-FOR-US: OX App Suite +CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...) + NOT-FOR-US: OX App Suite +CVE-2021-33487 + RESERVED +CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...) + NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks +CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...) 
+ NOT-FOR-US: CODESYS Control Runtime +CVE-2021-3562 + RESERVED +CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...) + NOT-FOR-US: OnyakTech Comments Pro DNN Module +CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...) + NOT-FOR-US: OnyakTech Comments Pro DNN Module +CVE-2021-33482 + RESERVED +CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...) + NOT-FOR-US: Broadcom +CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...) + {DLA-2778-1} + - fig2dev 1:3.2.8-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u4 + - transfig <removed> + NOTE: https://sourceforge.net/p/mcj/tickets/116/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/ + NOTE: Depends on CVE-2019-19797 fix +CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...) + - policykit-1 0.105-31 (bug #989429) + [buster] - policykit-1 <not-affected> (Vulnerable code introduced later) + [stretch] - policykit-1 <not-affected> (Vulnerable code introduced later) + NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38 + NOTE: Debian backported 0.113 commits in 0.105-26 + NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119) + NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1 + NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ +CVE-2021-33476 + RESERVED +CVE-2021-33475 + RESERVED +CVE-2021-33474 + RESERVED +CVE-2021-33473 + RESERVED +CVE-2021-33472 + RESERVED +CVE-2021-33471 + RESERVED +CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...) 
+ NOT-FOR-US: COVID19 Testing Management System +CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...) + NOT-FOR-US: COVID19 Testing Management System +CVE-2021-33468 + RESERVED +CVE-2021-33467 + RESERVED +CVE-2021-33466 + RESERVED +CVE-2021-33465 + RESERVED +CVE-2021-33464 + RESERVED +CVE-2021-33463 + RESERVED +CVE-2021-33462 + RESERVED +CVE-2021-33461 + RESERVED +CVE-2021-33460 + RESERVED +CVE-2021-33459 + RESERVED +CVE-2021-33458 + RESERVED +CVE-2021-33457 + RESERVED +CVE-2021-33456 + RESERVED +CVE-2021-33455 + RESERVED +CVE-2021-33454 + RESERVED +CVE-2021-33453 + RESERVED +CVE-2021-33452 + RESERVED +CVE-2021-33451 + RESERVED +CVE-2021-33450 + RESERVED +CVE-2021-33449 + RESERVED +CVE-2021-33448 + RESERVED +CVE-2021-33447 + RESERVED +CVE-2021-33446 + RESERVED +CVE-2021-33445 + RESERVED +CVE-2021-33444 + RESERVED +CVE-2021-33443 + RESERVED +CVE-2021-33442 + RESERVED +CVE-2021-33441 + RESERVED +CVE-2021-33440 + RESERVED +CVE-2021-33439 + RESERVED +CVE-2021-33438 + RESERVED +CVE-2021-33437 + RESERVED +CVE-2021-33436 + RESERVED +CVE-2021-33435 + RESERVED +CVE-2021-33434 + RESERVED +CVE-2021-33433 + RESERVED +CVE-2021-33432 + RESERVED +CVE-2021-33431 + RESERVED +CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...) + - numpy 1:1.21.4-2 + [bullseye] - numpy <no-dsa> (Minor issue) + NOTE: https://github.com/numpy/numpy/issues/18939 + NOTE: https://github.com/numpy/numpy/pull/18989 + NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0) +CVE-2021-33429 + RESERVED +CVE-2021-33428 + RESERVED +CVE-2021-33427 + RESERVED +CVE-2021-33426 + RESERVED +CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...) 
+ NOT-FOR-US: OpenWRT LuCI +CVE-2021-33424 + RESERVED +CVE-2021-33423 + RESERVED +CVE-2021-33422 + RESERVED +CVE-2021-33421 + RESERVED +CVE-2021-33420 + RESERVED +CVE-2021-33419 + RESERVED +CVE-2021-33418 + RESERVED +CVE-2021-33417 + RESERVED +CVE-2021-33416 + RESERVED +CVE-2021-33415 + RESERVED +CVE-2021-33414 + RESERVED +CVE-2021-33413 + RESERVED +CVE-2021-33412 + RESERVED +CVE-2021-33411 + RESERVED +CVE-2021-33410 + RESERVED +CVE-2021-33409 + RESERVED +CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control>Center befo ...) + NOT-FOR-US: Ab Initio +CVE-2021-33407 + RESERVED +CVE-2021-33406 + RESERVED +CVE-2021-33405 + RESERVED +CVE-2021-33404 + RESERVED +CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...) + NOT-FOR-US: Lancer +CVE-2021-33402 + RESERVED +CVE-2021-33401 + RESERVED +CVE-2021-33400 + RESERVED +CVE-2021-33399 + RESERVED +CVE-2021-33398 + RESERVED +CVE-2021-33397 + RESERVED +CVE-2021-33396 + RESERVED +CVE-2021-33395 + RESERVED +CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...) + NOT-FOR-US: Cubecart +CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...) 
+ NOT-FOR-US: IPFire +CVE-2021-33392 + RESERVED +CVE-2021-33391 + RESERVED +CVE-2021-33390 + RESERVED +CVE-2021-33389 + RESERVED +CVE-2021-33388 + RESERVED +CVE-2021-33387 + RESERVED +CVE-2021-33386 + RESERVED +CVE-2021-33385 + RESERVED +CVE-2021-33384 + RESERVED +CVE-2021-33383 + RESERVED +CVE-2021-33382 + RESERVED +CVE-2021-33381 + RESERVED +CVE-2021-33380 + RESERVED +CVE-2021-33379 + RESERVED +CVE-2021-33378 + RESERVED +CVE-2021-33377 + RESERVED +CVE-2021-33376 + RESERVED +CVE-2021-33375 + RESERVED +CVE-2021-33374 + RESERVED +CVE-2021-33373 + RESERVED +CVE-2021-33372 + RESERVED +CVE-2021-33371 + RESERVED +CVE-2021-33370 + RESERVED +CVE-2021-33369 + RESERVED +CVE-2021-33368 + RESERVED +CVE-2021-33367 + RESERVED +CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) + - gpac <unfixed> (unimportant) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf + NOTE: https://github.com/gpac/gpac/issues/1785 + NOTE: Negligible security impact +CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...) + - gpac <unfixed> (unimportant) + NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5 + NOTE: https://github.com/gpac/gpac/issues/1784 + NOTE: Negligible security impact +CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...) + - gpac <unfixed> (unimportant) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7 + NOTE: https://github.com/gpac/gpac/issues/1783 + NOTE: Negligible security impact +CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...) 
+ - gpac <unfixed> (unimportant) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9 + NOTE: https://github.com/gpac/gpac/issues/1786 + NOTE: Negligible security impact +CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d + NOTE: https://github.com/gpac/gpac/issues/1780 +CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) + - gpac <unfixed> (unimportant) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f + NOTE: https://github.com/gpac/gpac/issues/1782 + NOTE: Negligible security impact +CVE-2021-33360 + RESERVED +CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthen ...) + NOT-FOR-US: gowitness +CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...) + NOT-FOR-US: RaspAP +CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...) + NOT-FOR-US: RaspAP +CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...) 
+ NOT-FOR-US: RaspAP +CVE-2021-33355 + RESERVED +CVE-2021-33354 + RESERVED +CVE-2021-33353 + RESERVED +CVE-2021-33352 + RESERVED +CVE-2021-33351 + RESERVED +CVE-2021-33350 + RESERVED +CVE-2021-33349 + RESERVED +CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...) + NOT-FOR-US: JFinal +CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...) + NOT-FOR-US: JPress +CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...) + NOT-FOR-US: D-LINK +CVE-2021-33345 + RESERVED +CVE-2021-33344 + RESERVED +CVE-2021-33343 + RESERVED +CVE-2021-33342 + RESERVED +CVE-2021-33341 + RESERVED +CVE-2021-33340 + RESERVED +CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...) + NOT-FOR-US: Liferay +CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...) + NOT-FOR-US: Liferay +CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...) + NOT-FOR-US: Liferay +CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...) + NOT-FOR-US: Liferay +CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...) + NOT-FOR-US: Liferay +CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) + NOT-FOR-US: Liferay +CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...) + NOT-FOR-US: Liferay +CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...) + NOT-FOR-US: Liferay +CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...) + NOT-FOR-US: Liferay +CVE-2021-33329 + RESERVED +CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...) 
+ NOT-FOR-US: Liferay +CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...) + NOT-FOR-US: Liferay +CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...) + NOT-FOR-US: Liferay +CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) + NOT-FOR-US: Liferay +CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...) + NOT-FOR-US: Liferay +CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...) + NOT-FOR-US: Liferay +CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...) + NOT-FOR-US: Liferay +CVE-2021-33319 + RESERVED +CVE-2021-33318 + RESERVED +CVE-2021-33317 + RESERVED +CVE-2021-33316 + RESERVED +CVE-2021-33315 + RESERVED +CVE-2021-33314 + RESERVED +CVE-2021-33313 + RESERVED +CVE-2021-33312 + RESERVED +CVE-2021-33311 + RESERVED +CVE-2021-33310 + RESERVED +CVE-2021-33309 + RESERVED +CVE-2021-33308 + RESERVED +CVE-2021-33307 + RESERVED +CVE-2021-33306 + RESERVED +CVE-2021-33305 + RESERVED +CVE-2021-33304 + RESERVED +CVE-2021-33303 + RESERVED +CVE-2021-33302 + RESERVED +CVE-2021-33301 + RESERVED +CVE-2021-33300 + RESERVED +CVE-2021-33299 + RESERVED +CVE-2021-33298 + RESERVED +CVE-2021-33297 + RESERVED +CVE-2021-33296 + RESERVED +CVE-2021-33295 + RESERVED +CVE-2021-33294 + RESERVED +CVE-2021-33293 + RESERVED +CVE-2021-33292 + RESERVED +CVE-2021-33291 + RESERVED +CVE-2021-33290 + RESERVED +CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT secti ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33288 + RESERVED +CVE-2021-33287 (In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attrib ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33286 (In NTFS-3G versions < 2021.8.22, when a specially crafted unicode s ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33285 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attr ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33284 + RESERVED +CVE-2021-33283 + RESERVED +CVE-2021-33282 + RESERVED +CVE-2021-33281 + RESERVED +CVE-2021-33280 + RESERVED +CVE-2021-33279 + RESERVED +CVE-2021-33278 + RESERVED +CVE-2021-33277 + RESERVED +CVE-2021-33276 + RESERVED +CVE-2021-33275 + RESERVED +CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33273 + RESERVED +CVE-2021-33272 + RESERVED +CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) 
+ NOT-FOR-US: D-Link +CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33264 + RESERVED +CVE-2021-33263 + RESERVED +CVE-2021-33262 + RESERVED +CVE-2021-33261 + RESERVED +CVE-2021-33260 + RESERVED +CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...) + NOT-FOR-US: D-Link +CVE-2021-33258 + RESERVED +CVE-2021-33257 + RESERVED +CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel of Man ...) + NOT-FOR-US: ManageEngine +CVE-2021-33255 + RESERVED +CVE-2021-33254 + RESERVED +CVE-2021-33253 + RESERVED +CVE-2021-33252 + RESERVED +CVE-2021-33251 + RESERVED +CVE-2021-33250 + RESERVED +CVE-2021-33249 + RESERVED +CVE-2021-33248 + RESERVED +CVE-2021-33247 + RESERVED +CVE-2021-33246 + RESERVED +CVE-2021-33245 + RESERVED +CVE-2021-33244 + RESERVED +CVE-2021-33243 + RESERVED +CVE-2021-33242 + RESERVED +CVE-2021-33241 + RESERVED +CVE-2021-33240 + RESERVED +CVE-2021-33239 + RESERVED +CVE-2021-33238 + RESERVED +CVE-2021-33237 + RESERVED +CVE-2021-33236 + RESERVED +CVE-2021-33235 + RESERVED +CVE-2021-33234 + RESERVED +CVE-2021-33233 + RESERVED +CVE-2021-33232 + RESERVED +CVE-2021-33231 + RESERVED +CVE-2021-33230 + RESERVED +CVE-2021-33229 + RESERVED +CVE-2021-33228 + RESERVED +CVE-2021-33227 + RESERVED +CVE-2021-33226 + RESERVED +CVE-2021-33225 + RESERVED +CVE-2021-33224 + RESERVED +CVE-2021-33223 + RESERVED +CVE-2021-33222 + RESERVED +CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT 
Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...) + NOT-FOR-US: HMS Ewon eCatcher +CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...) + NOT-FOR-US: Fimer Aurora +CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...) + NOT-FOR-US: Fimer Aurora +CVE-2021-33208 + RESERVED +CVE-2021-33207 + RESERVED +CVE-2021-33206 + RESERVED +CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...) + NOT-FOR-US: Western Digital +CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...) 
+ - libvirt <not-affected> (Vulnerable code never in a released version) + NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1) + NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1) +CVE-2021-3558 + RESERVED + - moodle <removed> +CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...) + NOT-FOR-US: Argo CD +CVE-2021-3556 + REJECTED +CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...) + - pg-partman 4.5.1-1 (bug #988917) + [buster] - pg-partman <no-dsa> (Minor issue) + [stretch] - pg-partman <no-dsa> (Minor issue) + NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3 +CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...) + {DLA-2676-1} + - python-django 2:2.2.24-1 (bug #989394) + [buster] - python-django <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 + NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main) + NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24) +CVE-2021-33202 + RESERVED +CVE-2021-33201 + RESERVED +CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...) + - linux 5.10.40-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1 + NOTE: Issue introduced due to fixes applied for CVE-2021-29155 +CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...) + NOT-FOR-US: Expression Engine +CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...) 
+ - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + - golang-1.11 <removed> + - golang-1.8 <removed> + [stretch] - golang-1.8 <not-affected> (Vulnerable code introduced later) + - golang-1.7 <removed> + [stretch] - golang-1.7 <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/golang/go/issues/45910 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1) +CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...) + - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies) + - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies) + NOTE: https://github.com/golang/go/issues/46313 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15) +CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...) + {DLA-2892-1 DLA-2891-1} + - golang-1.16 1.16.5-1 (bug #989492) + - golang-1.15 1.15.9-4 + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/46242 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15) + NOTE: Incomplete fix, cf. CVE-2021-39293 +CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...) 
+ - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release) + - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) + - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies) + - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies) + NOTE: https://github.com/golang/go/issues/46241 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15) +CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...) + - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4 + - golang-golang-x-net-dev <removed> + [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch) + NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ + NOTE: https://github.com/golang/go/issues/46288 + TODO: check completeness +CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...) + - apache2 2.4.48-4 + [bullseye] - apache2 2.4.48-3.1+deb11u1 + [buster] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.38) + [stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25) + NOTE: https://portswigger.net/research/http2 + NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193 +CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...) + NOT-FOR-US: Apache Jena Fuseki +CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...) 
+ NOT-FOR-US: Apache NiFi +CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...) + NOT-FOR-US: Apache APISIX Dashboard +CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...) + - gocr <unfixed> (unimportant) + NOTE: https://sourceforge.net/p/jocr/bugs/42/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-33480 (An use-after-free vulnerability was discovered in gocr through 0.53-20 ...) + - gocr <unfixed> (unimportant) + NOTE: https://sourceforge.net/p/jocr/bugs/40/ + NOTE: https://sourceforge.net/p/jocr/bugs/41/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...) + - gocr <unfixed> (unimportant) + NOTE: https://sourceforge.net/p/jocr/bugs/39/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...) + {DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1} + - rxvt <removed> + - rxvt-unicode 9.22-11 (bug #988763) + [buster] - rxvt-unicode 9.22-6+deb10u1 + - mrxvt <removed> + - eterm 0.9.6-6.1 (bug #989041) + [buster] - eterm 0.9.6-5+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1 + NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20 + NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 + NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585 +CVE-2021-33189 + RESERVED +CVE-2021-33188 + RESERVED +CVE-2021-33187 + RESERVED +CVE-2021-3555 + RESERVED +CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...) + NOT-FOR-US: SerenityOS +CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...) + NOT-FOR-US: SerenityOS +CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...) 
+ NOT-FOR-US: Synology +CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...) + NOT-FOR-US: Synology +CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) + NOT-FOR-US: Nagios XI +CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...) + - nagvis 1:1.9.29-1 + [bullseye] - nagvis <no-dsa> (Minor issue) + [buster] - nagvis <no-dsa> (Minor issue) + [stretch] - nagvis <no-dsa> (Minor issue) + TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/ +CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...) + NOT-FOR-US: Nagios XI +CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...) + NOT-FOR-US: VerneMQ MQTT Broker +CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...) + NOT-FOR-US: EMQ X Broker +CVE-2021-33174 + RESERVED +CVE-2021-33173 + RESERVED +CVE-2021-33172 + RESERVED +CVE-2021-33171 + RESERVED +CVE-2021-33170 + RESERVED +CVE-2021-33169 + RESERVED +CVE-2021-33168 + RESERVED +CVE-2021-33167 + RESERVED +CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...) 
+ NOT-FOR-US: Intel +CVE-2021-33165 + RESERVED +CVE-2021-33164 + RESERVED +CVE-2021-33163 + RESERVED +CVE-2021-33162 + RESERVED +CVE-2021-33161 + RESERVED +CVE-2021-33160 + RESERVED +CVE-2021-33159 + RESERVED +CVE-2021-33158 + RESERVED +CVE-2021-33157 + RESERVED +CVE-2021-33156 + RESERVED +CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...) + - firmware-nonfree <undetermined> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html + TODO: check in which firmware versions fixed +CVE-2021-33154 + RESERVED +CVE-2021-33153 + RESERVED +CVE-2021-33152 + RESERVED +CVE-2021-33151 + RESERVED +CVE-2021-33150 + RESERVED +CVE-2021-33149 + RESERVED +CVE-2021-33148 + RESERVED +CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...) + NOT-FOR-US: Intel +CVE-2021-33146 + RESERVED +CVE-2021-33145 + RESERVED +CVE-2021-33144 + RESERVED +CVE-2021-33143 + RESERVED +CVE-2021-33142 + RESERVED +CVE-2021-33141 + RESERVED +CVE-2021-33140 + RESERVED +CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...) + - firmware-nonfree <undetermined> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html + TODO: check in which firmware versions fixed +CVE-2021-33138 + RESERVED +CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...) + NOT-FOR-US: Intel +CVE-2021-33136 + RESERVED +CVE-2021-33135 + RESERVED +CVE-2021-33134 + RESERVED +CVE-2021-33133 + RESERVED +CVE-2021-33132 + RESERVED +CVE-2021-33131 + RESERVED +CVE-2021-33130 + RESERVED +CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...) 
+ NOT-FOR-US: Intel +CVE-2021-33128 + RESERVED +CVE-2021-33127 + RESERVED +CVE-2021-33126 + RESERVED +CVE-2021-33125 + RESERVED +CVE-2021-33124 + RESERVED +CVE-2021-33123 + RESERVED +CVE-2021-33122 + RESERVED +CVE-2021-33121 + RESERVED +CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...) + - intel-microcode <unfixed> + [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release) + [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html +CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...) + NOT-FOR-US: Intel +CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...) + NOT-FOR-US: Intel +CVE-2021-33117 + RESERVED +CVE-2021-33116 + RESERVED +CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...) + NOT-FOR-US: Intel +CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...) + NOT-FOR-US: Intel +CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...) + NOT-FOR-US: Intel +CVE-2021-33112 + RESERVED +CVE-2021-33111 + RESERVED +CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...) + NOT-FOR-US: Intel +CVE-2021-33109 + RESERVED +CVE-2021-33108 + RESERVED +CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...) + NOT-FOR-US: Intel +CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...) + NOT-FOR-US: Intel +CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...) 
+ NOT-FOR-US: Intel +CVE-2021-33104 + RESERVED +CVE-2021-33103 + RESERVED +CVE-2021-33102 + RESERVED +CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...) + NOT-FOR-US: Intel +CVE-2021-33100 + RESERVED +CVE-2021-33099 + RESERVED +CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...) + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html +CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...) + NOT-FOR-US: Intel +CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...) + NOT-FOR-US: Intel +CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...) + NOT-FOR-US: Intel +CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) + NOT-FOR-US: Intel +CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) + NOT-FOR-US: Intel +CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...) + NOT-FOR-US: Intel +CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...) + NOT-FOR-US: Intel +CVE-2021-33090 (Incorrect default permissionsin the software installer for the Intel(R ...) + NOT-FOR-US: Intel +CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...) + NOT-FOR-US: Intel +CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...) + NOT-FOR-US: Intel +CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...) + NOT-FOR-US: Intel +CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...) 
+ NOT-FOR-US: Intel +CVE-2021-33085 + RESERVED +CVE-2021-33084 + RESERVED +CVE-2021-33083 + RESERVED +CVE-2021-33082 + RESERVED +CVE-2021-33081 + RESERVED +CVE-2021-33080 + RESERVED +CVE-2021-33079 + RESERVED +CVE-2021-33078 + RESERVED +CVE-2021-33077 + RESERVED +CVE-2021-33076 + RESERVED +CVE-2021-33075 + RESERVED +CVE-2021-33074 + RESERVED +CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...) + NOT-FOR-US: Intel +CVE-2021-33072 + RESERVED +CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...) + NOT-FOR-US: Intel +CVE-2021-33070 + RESERVED +CVE-2021-33069 + RESERVED +CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...) + NOT-FOR-US: Intel +CVE-2021-33067 + RESERVED +CVE-2021-33066 + RESERVED +CVE-2021-33065 + RESERVED +CVE-2021-33064 + RESERVED +CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...) + NOT-FOR-US: Intel +CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...) + NOT-FOR-US: Intel +CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html + TODO: check, might affect the src:linux ixgbe driver +CVE-2021-33060 + RESERVED +CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...) + NOT-FOR-US: Intel +CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...) + NOT-FOR-US: Intel +CVE-2021-33057 + RESERVED +CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...) + NOT-FOR-US: Belledonne Belle-sip +CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...) 
+ {DSA-5029-1 DLA-2707-1} + - sogo 5.1.1-1 (bug #989479) + NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html + NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html + NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html + NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html + NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5) + NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1) + NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage. +CVE-2021-33053 + RESERVED +CVE-2021-33052 + RESERVED +CVE-2021-33051 + RESERVED +CVE-2021-33050 + RESERVED +CVE-2021-33049 + RESERVED +CVE-2021-33048 + RESERVED +CVE-2021-33047 + RESERVED +CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...) + NOT-FOR-US: Dahua +CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...) + NOT-FOR-US: Dahua +CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...) + NOT-FOR-US: Dahua +CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...) + NOT-FOR-US: Bitdefender +CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) + NOT-FOR-US: Bitdefender +CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...) + NOT-FOR-US: Bitdefender +CVE-2021-33043 + RESERVED +CVE-2021-33042 + RESERVED +CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...) + NOT-FOR-US: vmd +CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...) 
+ NOT-FOR-US: FuturePress EPub.js +CVE-2021-33039 + RESERVED +CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...) + {DSA-4922-1} + - hyperkitty 1.3.4-4 (bug #989183) + NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa + NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380 + NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/ +CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...) + {DSA-4952-1 DLA-2733-1} + - tomcat9 9.0.43-2 (bug #991046) + [bullseye] - tomcat9 9.0.43-2~deb11u1 + - tomcat8 <removed> + NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47) + NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47) + NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47) + NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67) + NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67) + NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67) +CVE-2021-33036 + RESERVED +CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...) + - libreoffice 1:4.3.1-1 + NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56 + NOTE: Libreoffice fixed in this 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ... +CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 +CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...) 
+ NOT-FOR-US: eQ-3 HomeMatic CCU2 +CVE-2021-33031 (In LabCup before <v2_next_18022, it is possible to use the save API ...) + NOT-FOR-US: LabCup +CVE-2021-33030 + RESERVED +CVE-2021-33029 + RESERVED +CVE-2021-33028 + RESERVED +CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...) + - singularity-container <not-affected> (Only affects Enterprise version) +CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...) + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08 +CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...) + - flask-caching <unfixed> (unimportant; bug #988916) + NOTE: https://github.com/sh4nks/flask-caching/pull/209 + NOTE: Negligible security impact +CVE-2021-33025 + RESERVED +CVE-2021-33024 + RESERVED +CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...) + NOT-FOR-US: Advantech WebAccess +CVE-2021-33022 + RESERVED +CVE-2021-33021 + RESERVED +CVE-2021-33020 + RESERVED +CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...) + NOT-FOR-US: Delta Electronics +CVE-2021-33018 + RESERVED +CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...) + NOT-FOR-US: Philips +CVE-2021-33016 + RESERVED +CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...) + NOT-FOR-US: Cscape +CVE-2021-33014 + RESERVED +CVE-2021-33013 + RESERVED +CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...) + NOT-FOR-US: Rockwell +CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...) + NOT-FOR-US: JTEKT Corporation +CVE-2021-33010 + RESERVED +CVE-2021-33009 + RESERVED +CVE-2021-33008 + RESERVED +CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2021-33006 + RESERVED +CVE-2021-33005 + RESERVED +CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...) + NOT-FOR-US: WebAccess HMI Designer +CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...) + NOT-FOR-US: Delta Electronics +CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...) + NOT-FOR-US: WebAccess HMI Designer +CVE-2021-33001 + RESERVED +CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...) + NOT-FOR-US: WebAccess HMI Designer +CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...) + NOT-FOR-US: Suitelink +CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...) + NOT-FOR-US: FANUC +CVE-2021-32997 + RESERVED +CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...) + NOT-FOR-US: FANUC +CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...) + NOT-FOR-US: Cscape +CVE-2021-32994 + RESERVED +CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...) + NOT-FOR-US: Philips +CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...) + NOT-FOR-US: FATEK Automation WinProladder +CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...) + NOT-FOR-US: Delta Electronics +CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...) + NOT-FOR-US: FATEK Automation WinProladder +CVE-2021-32989 + RESERVED +CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...) + NOT-FOR-US: FATEK Automation WinProladder +CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...) 
+ NOT-FOR-US: Suitelink +CVE-2021-32986 + RESERVED +CVE-2021-32985 + RESERVED +CVE-2021-32984 + RESERVED +CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...) + NOT-FOR-US: Delta Electronics +CVE-2021-32982 + RESERVED +CVE-2021-32981 + RESERVED +CVE-2021-32980 + RESERVED +CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...) + NOT-FOR-US: Suitelink +CVE-2021-32978 + RESERVED +CVE-2021-32977 + RESERVED +CVE-2021-32976 + RESERVED +CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...) + NOT-FOR-US: Cscape +CVE-2021-32974 + RESERVED +CVE-2021-32973 + RESERVED +CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...) + NOT-FOR-US: Panasonic +CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...) + NOT-FOR-US: Suitelink +CVE-2021-32970 + RESERVED +CVE-2021-32969 + RESERVED +CVE-2021-32968 + RESERVED +CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...) + NOT-FOR-US: Delta Electronics +CVE-2021-32966 + RESERVED +CVE-2021-32965 + RESERVED +CVE-2021-32964 + RESERVED +CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...) + NOT-FOR-US: Suitelink +CVE-2021-32962 + RESERVED +CVE-2021-32961 + RESERVED +CVE-2021-32960 + RESERVED +CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...) + NOT-FOR-US: Suitelink +CVE-2021-32958 + RESERVED +CVE-2021-32957 + RESERVED +CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...) + NOT-FOR-US: Delta Electronics +CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...) 
+ NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2021-32953 + RESERVED +CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...) + NOT-FOR-US: WebAccess/NMS +CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32949 + RESERVED +CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...) + NOT-FOR-US: FATEK Automation FvDesigner +CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32945 + RESERVED +CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...) + NOT-FOR-US: WebAccess/SCADA +CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...) + NOT-FOR-US: AVEVA InTouch Runtime +CVE-2021-32941 + RESERVED +CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...) + NOT-FOR-US: FATEK Automation FvDesigner +CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...) + NOT-FOR-US: Open Design Alliance +CVE-2021-32937 + RESERVED +CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...) 
+ NOT-FOR-US: Open Design Alliance +CVE-2021-32935 + RESERVED +CVE-2021-32934 + RESERVED +CVE-2021-32933 + RESERVED +CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...) + NOT-FOR-US: Advantech +CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...) + NOT-FOR-US: FATEK Automation FvDesigner +CVE-2021-32930 (The affected product’s configuration is vulnerable due to missin ...) + NOT-FOR-US: Advantech +CVE-2021-32929 + RESERVED +CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...) + NOT-FOR-US: Sentinel LDK Run-Time Environment installer +CVE-2021-32927 + RESERVED +CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...) + NOT-FOR-US: Rockwell Automation +CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...) + - dogtag-pki 10.10.6-1 (bug #991665) + [bullseye] - dogtag-pki <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971 + NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548 + NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6 + NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5 +CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...) + NOT-FOR-US: Microsoft +CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...) + NOT-FOR-US: Chamilo +CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...) + NOT-FOR-US: Invision Community (aka IPS Community Suite) +CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...) + NOT-FOR-US: HashiCorp Vault and Vault Enterprise +CVE-2021-32922 + RESERVED +CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...) 
+ {DSA-4916-1 DLA-2687-1} + - prosody 0.11.9-1 (bug #988668) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 + NOTE: https://prosody.im/security/advisory_20210512.txt + NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9 + NOTE: https://hg.prosody.im/trunk/rev/13b84682518e + NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986 +CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...) + {DSA-4916-1} + - prosody 0.11.9-1 (bug #988668) + [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. Ingored) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 + NOTE: https://prosody.im/security/advisory_20210512.txt + NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65 + NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7 + NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d +CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...) + {DSA-4916-1} + - prosody 0.11.9-1 (bug #988668) + [stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 + NOTE: https://prosody.im/security/advisory_20210512.txt + NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e + NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9 +CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...) + {DSA-4916-1} + - prosody 0.11.9-1 (bug #988668) + [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. 
Ingored) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 + NOTE: https://prosody.im/security/advisory_20210512.txt + NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff + NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5 + NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6 + NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb + NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5 + NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db +CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...) + {DSA-4916-1 DLA-2687-1} + - prosody 0.11.9-1 (bug #988668) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1 + NOTE: https://prosody.im/security/advisory_20210512.txt + NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b +CVE-2021-32916 + RESERVED +CVE-2021-32915 + RESERVED +CVE-2021-32914 + RESERVED +CVE-2021-32913 + RESERVED +CVE-2021-32912 + RESERVED +CVE-2021-32911 + RESERVED +CVE-2021-32910 + RESERVED +CVE-2021-32909 + RESERVED +CVE-2021-32908 + RESERVED +CVE-2021-32907 + RESERVED +CVE-2021-32906 + RESERVED +CVE-2021-32905 + RESERVED +CVE-2021-32904 + RESERVED +CVE-2021-32903 + RESERVED +CVE-2021-32902 + RESERVED +CVE-2021-32901 + RESERVED +CVE-2021-32900 + RESERVED +CVE-2021-32899 + RESERVED +CVE-2021-32898 + RESERVED +CVE-2021-32897 + RESERVED +CVE-2021-32896 + RESERVED +CVE-2021-32895 + RESERVED +CVE-2021-32894 + RESERVED +CVE-2021-32893 + RESERVED +CVE-2021-32892 + RESERVED +CVE-2021-32891 + RESERVED +CVE-2021-32890 + RESERVED +CVE-2021-32889 + RESERVED +CVE-2021-32888 + RESERVED +CVE-2021-32887 + RESERVED +CVE-2021-32886 + RESERVED +CVE-2021-32885 + RESERVED +CVE-2021-32884 + RESERVED +CVE-2021-32883 + RESERVED +CVE-2021-32882 + RESERVED +CVE-2021-32881 + RESERVED +CVE-2021-32880 + RESERVED +CVE-2021-32879 + RESERVED +CVE-2021-32878 + RESERVED +CVE-2021-32877 + RESERVED +CVE-2021-32876 + RESERVED +CVE-2021-32875 + RESERVED +CVE-2021-32874 + RESERVED +CVE-2021-32873 + RESERVED +CVE-2021-32872 + RESERVED 
+CVE-2021-32871 + RESERVED +CVE-2021-32870 + RESERVED +CVE-2021-32869 + RESERVED +CVE-2021-32868 + RESERVED +CVE-2021-32867 + RESERVED +CVE-2021-32866 + RESERVED +CVE-2021-32865 + RESERVED +CVE-2021-32864 + RESERVED +CVE-2021-32863 + RESERVED +CVE-2021-32862 + RESERVED +CVE-2021-32861 + RESERVED +CVE-2021-32860 + RESERVED +CVE-2021-32859 + RESERVED +CVE-2021-32858 + RESERVED +CVE-2021-32857 + RESERVED +CVE-2021-32856 + RESERVED +CVE-2021-32855 + RESERVED +CVE-2021-32854 + RESERVED +CVE-2021-32853 + RESERVED +CVE-2021-32852 + RESERVED +CVE-2021-32851 + RESERVED +CVE-2021-32850 + RESERVED +CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...) + NOT-FOR-US: Gerapy +CVE-2021-32848 + RESERVED +CVE-2021-32847 + RESERVED +CVE-2021-32846 + RESERVED +CVE-2021-32845 + RESERVED +CVE-2021-32844 + RESERVED +CVE-2021-32843 + RESERVED +CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + - mono <not-affected> (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + - mono <not-affected> (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...) 
+ - mono <not-affected> (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: CVE refers to the commit for the test case: + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...) + - sqlparse 0.4.2-1 (bug #994841) + [bullseye] - sqlparse <no-dsa> (Minor issue) + [buster] - sqlparse <not-affected> (Vulnerable code introduced later) + [stretch] - sqlparse <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf + NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0) + NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2) +CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...) + NOT-FOR-US: Flask restx +CVE-2021-32837 + RESERVED +CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...) + NOT-FOR-US: ZStack +CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) + NOT-FOR-US: Eclipse Keti +CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) + NOT-FOR-US: Eclipse Keti +CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...) + NOT-FOR-US: Emby Server +CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...) 
+ NOT-FOR-US: Total.js +CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...) + NOT-FOR-US: Node @diez/generation +CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...) + NOT-FOR-US: ZStack +CVE-2021-32828 + RESERVED +CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...) + NOT-FOR-US: MockServer +CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...) + NOT-FOR-US: Proxyee-Down +CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...) + NOT-FOR-US: bblfshd +CVE-2021-32824 + RESERVED +CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...) + - ruby-bindata <unfixed> (bug #990577) + [bullseye] - ruby-bindata <no-dsa> (Minor issue) + [buster] - ruby-bindata <no-dsa> (Minor issue) + [stretch] - ruby-bindata <no-dsa> (Minor issue) + NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323 + NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency + NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18- +CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...) + NOT-FOR-US: Node hbs +CVE-2021-32821 + RESERVED +CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...) + NOT-FOR-US: Express-handlebars +CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...) + NOT-FOR-US: Squirrelly +CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...) + NOT-FOR-US: haml-coffee +CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...) + NOT-FOR-US: express-hbs +CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...) 
+ NOT-FOR-US: ProtonMail Web Client +CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #992705) + [bullseye] - exiv2 <ignored> (Minor issue) + [buster] - exiv2 <ignored> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m + NOTE: https://github.com/Exiv2/exiv2/pull/1739 +CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...) + NOT-FOR-US: Skytable +CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...) + NOT-FOR-US: Traefik +CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...) + NOT-FOR-US: Monkshu +CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...) + NOT-FOR-US: zope + NOTE: only affects specific versions using Python3 with options enabled. +CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...) + - firefox 93.0-1 + - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version) + - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version) + - rust-crossbeam-deque 0.7.4-1 (bug #993146) + [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue) + [buster] - rust-crossbeam-deque <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810 +CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) 
+ - ckeditor 4.16.2+dfsg-1 (bug #992291) + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <no-dsa> (Minor issue) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg + NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2) + NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2) +CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) + - ckeditor 4.16.2+dfsg-1 (bug #992292) + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <not-affected> (Vulnerable code introduced later) + [stretch] - ckeditor <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c + NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2) + NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0) +CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...) + NOT-FOR-US: Zope AccessControl +CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...) + NOT-FOR-US: Plone +CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...) + - flask-appbuilder <itp> (bug #998029) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4 + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2) +CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...) 
+ - node-tar 6.1.7+~cs11.3.10-1 (bug #992111) + [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 + [buster] - node-tar 4.4.6+ds1-3+deb10u1 + [stretch] - node-tar <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 + NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 +CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...) + - node-tar 6.1.7+~cs11.3.10-1 (bug #992110) + [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 + [buster] - node-tar 4.4.6+ds1-3+deb10u1 + [stretch] - node-tar <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw + NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 +CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32799 + RESERVED +CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...) + - jupyter-notebook 6.4.3-1 (bug #992704) + [bullseye] - jupyter-notebook <no-dsa> (Minor issue) + [buster] - jupyter-notebook <no-dsa> (Minor issue) + [stretch] - jupyter-notebook <no-dsa> (Minor issue) + NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797 + NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5 +CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...) + - jupyterlab <itp> (bug #934258) +CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...) 
+ - node-xmldom 0.7.3-1 (bug #991612) + [bullseye] - node-xmldom <ignored> (Minor issue, too intrusive to backport) + [buster] - node-xmldom <ignored> (Minor issue, too intrusive to backport) + NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q + NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b +CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...) + NOT-FOR-US: ArchiSteamFarm +CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...) + NOT-FOR-US: ArchiSteamFarm +CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...) + NOT-FOR-US: Pi-hole +CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580) + [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9) + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9) +CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581) + [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9) +CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...) 
+ NOT-FOR-US: Woocommerce +CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...) + NOT-FOR-US: woocommerce-gutenberg-products-block +CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...) + NOT-FOR-US: Sourcegraph +CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582) + [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9) +CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583) + [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9) +CVE-2021-32784 + RESERVED +CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...) + NOT-FOR-US: Countour +CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...) + NOT-FOR-US: Nextcloud Circles +CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...) 
+ - envoyproxy <itp> (bug #987544) +CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...) + NOT-FOR-US: DataDump MediaWiki extension +CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...) + [experimental] - racket 8.2+dfsg1-1 + - racket 7.9+dfsg1-2 (bug #991327) + [buster] - racket <no-dsa> (Minor issue) + [stretch] - racket <no-dsa> (Minor issue) + NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c +CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...) + NOT-FOR-US: Poddycast +CVE-2021-32771 + RESERVED +CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...) + NOT-FOR-US: Gatsby +CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...) + NOT-FOR-US: Micronaut +CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo 3 +CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...) + NOT-FOR-US: Typo 3 +CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...) + NOT-FOR-US: Nextcloud Text +CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...) 
+ {DLA-2783-1} + - hiredis 0.14.1-2 (unimportant) + NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 + NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1) + NOTE: Only a hardening for insecure libcs: + NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e#commitcomment-57544143 +CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...) + NOT-FOR-US: Discourse +CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...) + NOT-FOR-US: OpenProject +CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr +CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...) + {DLA-2717-2 DLA-2717-1} + - redis 5:6.0.15-1 (bug #991375) + [buster] - redis 5:5.0.14-1+deb10u1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj +CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...) + - containerd 1.4.5~ds1-2 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w +CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...) + NOT-FOR-US: Magento +CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...) + NOT-FOR-US: Magento +CVE-2021-32757 + RESERVED +CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...) + NOT-FOR-US: ManageIQ +CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...) + NOT-FOR-US: wire-ios (iOS version of Wire) +CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...) 
+ NOT-FOR-US: FlowDroid +CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...) + NOT-FOR-US: EdgeX Foundry +CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...) + NOT-FOR-US: Ether Logs +CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...) + - gradle <unfixed> + [bullseye] - gradle <ignored> (Minor issue) + [buster] - gradle <ignored> (Minor issue) + [stretch] - gradle <no-dsa> (Minor issue) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 +CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...) + NOT-FOR-US: MuWire +CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...) + - fail2ban 0.11.2-2 + [buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release) + [stretch] - fail2ban <no-dsa> (Minor issue, can be fixed after fix of regression) + NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm + NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9) + NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0) + NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package: + NOTE: https://github.com/fail2ban/fail2ban/issues/3059 +CVE-2021-32748 (Nextcloud Richdocuments in an open source self hosted online office. N ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...) 
+ [experimental] - icingaweb2 2.8.3-1~exp1 + - icingaweb2 2.8.4-1 (bug #991116) + [buster] - icingaweb2 <no-dsa> (Minor issue) + [stretch] - icingaweb2 <no-dsa> (Minor issue) + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx + NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3) +CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...) + [experimental] - icingaweb2 2.8.3-1~exp1 + - icingaweb2 2.8.4-1 (bug #991116) + [buster] - icingaweb2 <no-dsa> (Minor issue) + [stretch] - icingaweb2 <no-dsa> (Minor issue) + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 + NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3) +CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...) + NOT-FOR-US: Collabora Online +CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...) + NOT-FOR-US: Collabora Online +CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...) + {DLA-2816-1} + [experimental] - icinga2 2.12.5-1~exp1 + - icinga2 2.12.5-1 (bug #991494) + [bullseye] - icinga2 <no-dsa> (Minor issue) + [buster] - icinga2 <no-dsa> (Minor issue) + NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 + NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5) +CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...) + NOT-FOR-US: Vapor +CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...) 
+ - ruby-addressable 2.7.0-2 (bug #990791) + [stretch] - ruby-addressable <no-dsa> (Minor issue) + NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g + NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76 +CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...) + {DLA-2816-1} + [experimental] - icinga2 2.12.5-1~exp1 + - icinga2 2.12.5-1 (bug #991494) + [bullseye] - icinga2 <no-dsa> (Minor issue) + [buster] - icinga2 <no-dsa> (Minor issue) + NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 + NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5) +CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...) + NOT-FOR-US: js-stellar-sdk +CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...) + NOT-FOR-US: think-helper +CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...) + NOT-FOR-US: Kirby +CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...) + NOT-FOR-US: Nextcloud Text +CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...) + NOT-FOR-US: XWiki +CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ NOT-FOR-US: XWiki +CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + {DSA-4974-1} + - nextcloud-desktop 3.3.1-1 + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5 + NOTE: https://github.com/nextcloud/desktop/pull/3338 +CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...) + NOT-FOR-US: Nextcloud Android Client +CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...) + NOT-FOR-US: Github +CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...) + NOT-FOR-US: Prism +CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...) + NOT-FOR-US: GlobalNewFiles MediaWiki extension +CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...) + NOT-FOR-US: PowerMux +CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...) + NOT-FOR-US: Sylius +CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) 
+ - rabbitmq-server 3.9.4-1 (bug #990524) + [bullseye] - rabbitmq-server <no-dsa> (Minor issue) + [buster] - rabbitmq-server <no-dsa> (Minor issue) + [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present) + NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x + NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122 + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master) + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1) + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18) +CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...) + - rabbitmq-server 3.9.4-1 (bug #990524) + [bullseye] - rabbitmq-server <no-dsa> (Minor issue) + [buster] - rabbitmq-server <no-dsa> (Minor issue) + [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present) + NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 + NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028 + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1) + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1) +CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...) + NOT-FOR-US: Shopware +CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...) + NOT-FOR-US: Shopware +CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...) 
+ - rust-hyper <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html + NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c +CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...) + - rust-hyper <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html + NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9 +CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...) + NOT-FOR-US: Shopware +CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...) + NOT-FOR-US: Shopware +CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...) + NOT-FOR-US: Shopware +CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...) + NOT-FOR-US: Shopware +CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...) + NOT-FOR-US: Shopware +CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...) + - php-league-flysystem 1.1.3-4 (bug #990288) + NOTE: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm +CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...) + NOT-FOR-US: Nextcloud Mail +CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...) + NOT-FOR-US: Pi-hole +CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...) + NOT-FOR-US: DHIS 2 +CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...) 
+ NOT-FOR-US: Auth0 Next.js SDK +CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Cont ...) + NOT-FOR-US: ORY Oathkeeper +CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...) + NOT-FOR-US: Ballerina +CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...) + NOT-FOR-US: Wings +CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...) + NOT-FOR-US: eLabFTW +CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...) + NOT-FOR-US: neos/forms +CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...) + NOT-FOR-US: Node striptags +CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...) + NOT-FOR-US: Nextcloud Android app +CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...) + NOT-FOR-US: Nextcloud Android app +CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...) + - symfony <not-affected> (Vulnerable code not present) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq + NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2) + NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one +CVE-2021-32692 + RESERVED +CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...) + NOT-FOR-US: Apollo Apps +CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...) + - helm-kubernetes <itp> (bug #910799) +CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...) + NOT-FOR-US: Nextcloud Talk +CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...) 
+ - nextcloud-server <itp> (bug #941708) +CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q +CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-4999-1} + - asterisk 1:16.16.1~dfsg-2 (bug #991931) + [stretch] - asterisk <not-affected> (Vulnerable code not present) + - pjproject <removed> + [stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch) + - ring <unfixed> + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr + NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd + NOTE: https://github.com/pjsip/pjproject/pull/2716 +CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...) + NOT-FOR-US: tEnvoy +CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...) + NOT-FOR-US: Create Magento app +CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...) + NOT-FOR-US: wire-webapp +CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...) + NOT-FOR-US: elFinder +CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...) + NOT-FOR-US: Wagtail +CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) 
+ - nextcloud-server <itp> (bug #941708) +CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...) + - fastapi 0.70.0-1 (bug #990582) + [bullseye] - fastapi <no-dsa> (Minor issue) + NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7 + NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2) +CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...) + NOT-FOR-US: Nextcloud Talk +CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p +CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...) + NOT-FOR-US: Zope +CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...) + NOT-FOR-US: reg-keygen-git-hash-plugin +CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm +CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...) + NOT-FOR-US: Flarum +CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...) + NOT-FOR-US: Datasette +CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...) + NOT-FOR-US: Typo 3 +CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...) + NOT-FOR-US: Typo 3 +CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...) + NOT-FOR-US: Typo 3 +CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...) 
+ NOT-FOR-US: wire-ios (iOS version of Wire) +CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...) + NOT-FOR-US: wire-ios (iOS version of Wire) +CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...) + NOT-FOR-US: Backstage +CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...) + NOT-FOR-US: Backstage +CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...) + NOT-FOR-US: Backstage +CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...) + NOT-FOR-US: Matrix-appservice-bridge +CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...) + NOT-FOR-US: Nextcloud client for Android +CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...) 
+ NOT-FOR-US: OneDev +CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...) + NOT-FOR-US: October CMS +CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...) + NOT-FOR-US: October CMS +CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...) + NOT-FOR-US: October CMS +CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...) + NOT-FOR-US: Emissary +CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...) + NOT-FOR-US: Roomer +CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...) + NOT-FOR-US: Teancy multi-tenant +CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...) + - ampache <removed> +CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...) + NOT-FOR-US: Http4s +CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...) + - radsecproxy 1.8.2-4 (unimportant) + NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af + NOTE: Only affects example script +CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before ...) + NOT-FOR-US: auth0-lock +CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...) + - node-ws 7.4.2+~cs18.0.8-2 + [buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1 + [stretch] - node-ws <no-dsa> (Minor issue) + NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693 + NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff +CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...) 
+ NOT-FOR-US: Github +CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This ...) + NOT-FOR-US: Authelia +CVE-2021-32636 + RESERVED +CVE-2021-32635 (Singularity is an open source container platform. In verions 3.7.2 and ...) + - singularity-container <not-affected> (Vulnerable code introduced in 3.7.2) + NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3 + NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440 +CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...) + NOT-FOR-US: Zope +CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...) + NOT-FOR-US: Pajbot +CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...) + NOT-FOR-US: NIMBLE +CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...) + NOT-FOR-US: Admidio +CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...) + NOT-FOR-US: Cranelift +CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...) + {DSA-5001-1} + - redis 5:6.0.16-1 + [stretch] - redis <no-dsa> (Minor issue; invasive patch) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr +CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...) + {DSA-5001-1} + - redis 5:6.0.16-1 + [stretch] - redis <no-dsa> (Minor issue; invasive patch) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v +CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...) 
+ {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c +CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...) + - redis 5:6.0.14-1 (bug #989351) + [buster] - redis <not-affected> (Vulnerable code not present) + [stretch] - redis <not-affected> (Vulnerable code not present) + NOTE: https://github.com/redis/redis/pull/9011 + NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq + NOTE: CVE is result of incomplete fix by CVE-2021-29477. +CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...) + NOT-FOR-US: Keystone CMS +CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...) + NOT-FOR-US: Opencast +CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...) + NOT-FOR-US: Matrix-React-SDK +CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...) + NOT-FOR-US: Deno +CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...) + NOT-FOR-US: Flask-Security-Too +CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #988731) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj + NOTE: https://github.com/Exiv2/exiv2/pull/1657 +CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...) 
+ NOT-FOR-US: 1CDN +CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...) + - binutils 2.37-3 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 + NOTE: binutils not covered by security support +CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...) + - piwigo <removed> +CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...) + - dmg2img <unfixed> (unimportant; bug #989008) + NOTE: https://github.com/Lekensteyn/dmg2img/issues/11 + NOTE: Crash in CLI tool, no security impact +CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...) + - radare2 5.5.0+dfsg-1 (bug #989067) + NOTE: https://github.com/radareorg/radare2/issues/18679 + NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc +CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...) + NOT-FOR-US: VeryFitPro +CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...) + - libexosip2 <removed> + [buster] - libexosip2 <no-dsa> (Minor issue) + [stretch] - libexosip2 <no-dsa> (Minor issue) + NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054 +CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...) 
+ {DLA-2721-1} + - drupal7 <removed> + - php-pear <unfixed> (bug #991541) + [bullseye] - php-pear <no-dsa> (Minor issue) + [buster] - php-pear <no-dsa> (Minor issue) + [stretch] - php-pear <no-dsa> (Minor issue) + NOTE: https://www.drupal.org/sa-core-2021-004 + NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/ + NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14) +CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...) + NOT-FOR-US: Apache Superset +CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...) + NOT-FOR-US: Smartstore +CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...) + NOT-FOR-US: Smartstore +CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...) + - openvpn3 <itp> (bug #904044) +CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...) + NOT-FOR-US: zzzcms +CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...) + NOT-FOR-US: SolarWinds +CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...) + NOT-FOR-US: FortiGuard +CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...) + NOT-FOR-US: FortiGuard +CVE-2021-32601 + RESERVED +CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: Fortiguard +CVE-2021-32599 + RESERVED +CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...) + NOT-FOR-US: FortiGuard +CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...) + NOT-FOR-US: Fortiguard +CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...) + NOT-FOR-US: FortiPortal +CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...) 
+ NOT-FOR-US: Fortiguard +CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...) + NOT-FOR-US: FortiPortal +CVE-2021-32593 + RESERVED +CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...) + NOT-FOR-US: FortiGuard +CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...) + NOT-FOR-US: FortiGuard +CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...) + NOT-FOR-US: FortiPortal +CVE-2021-32589 + RESERVED +CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...) + NOT-FOR-US: FortiGuard +CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...) + NOT-FOR-US: Fortiguard +CVE-2021-32586 + RESERVED +CVE-2021-32585 + RESERVED +CVE-2021-32584 + RESERVED +CVE-2021-32583 + RESERVED +CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...) + NOT-FOR-US: ConnectWise Automate +CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...) + NOT-FOR-US: Acronis +CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) + NOT-FOR-US: Acronis +CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...) + NOT-FOR-US: Acronis +CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) + NOT-FOR-US: Acronis +CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...) + NOT-FOR-US: Acronis +CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...) + NOT-FOR-US: Acronis +CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...) 
+ - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16 +CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...) + {DSA-4980-1} + - qemu 1:6.1+dfsg-1 (bug #989042) + [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages) + [stretch] - qemu <not-affected> (The vulnerable code was introduced later) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2 +CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...) + {DSA-4980-1} + - qemu 1:6.1+dfsg-1 (bug #989042) + [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages) + [stretch] - qemu <not-affected> (The vulnerable code was introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5 +CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...) 
+ - dmg2img <unfixed> (unimportant) + NOTE: https://github.com/Lekensteyn/dmg2img/issues/9 + NOTE: Crash in CLI tool, no security impact +CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...) + - linux 5.10.38-1 (unimportant) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99 + NOTE: nitro_enclaves not enabled in Debian binary builds +CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...) + - nomad 0.12.10+dfsg1-3 (bug #990581) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296 +CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...) + - consul <unfixed> (bug #991719) + [bullseye] - consul <no-dsa> (Minor issue) + [buster] - consul <not-affected> (Only affects 1.3.0 and later) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 + NOTE: https://github.com/hashicorp/consul/pull/10619 +CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...) + NOT-FOR-US: Node express-cart +CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...) + NOT-FOR-US: Speco Web Viewer +CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + NOT-FOR-US: OSS-RC +CVE-2021-32570 + RESERVED +CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) + NOT-FOR-US: OSS-RC +CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...) + NOT-FOR-US: mrdoc +CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) 
+ {DSA-4957-1} + - trafficserver 8.1.1+ds-1.1 (bug #990303) + NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) + NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) +CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) + {DSA-4957-1} + - trafficserver 8.1.1+ds-1.1 (bug #990303) + NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master) + NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) +CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...) + {DSA-4957-1} + - trafficserver 8.1.1+ds-1.1 (bug #990303) + NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master) + NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) +CVE-2021-32564 + RESERVED +CVE-2021-32562 + RESERVED +CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...) + NOT-FOR-US: OctoPrint +CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...) 
+ NOT-FOR-US: OctoPrint +CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...) + NOT-FOR-US: pywin32 +CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...) + {DSA-4999-1 DLA-2729-1} + - asterisk 1:16.16.1~dfsg-2 (bug #991710) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html +CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...) + NOT-FOR-US: Apport +CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...) + NOT-FOR-US: Apport +CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...) + NOT-FOR-US: Apport +CVE-2021-32546 + RESERVED +CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...) + NOT-FOR-US: Pexip Infinity +CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...) + NOT-FOR-US: igt+ +CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...) 
+ NOT-FOR-US: CTS Web transaction system +CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...) + NOT-FOR-US: CTS Web trading system +CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...) + NOT-FOR-US: CTS Web transaction system +CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...) + NOT-FOR-US: 101EIP system +CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...) + NOT-FOR-US: 101EIP system +CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...) + NOT-FOR-US: ARTWARE CMS +CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...) + NOT-FOR-US: Realtek +CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...) + NOT-FOR-US: MCUsystem +CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...) + NOT-FOR-US: QSAN SANOS +CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...) + NOT-FOR-US: QSAN SANOS +CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...) + NOT-FOR-US: QSAN SANOS +CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...) + NOT-FOR-US: QSAN XEVO +CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...) + NOT-FOR-US: QSAN XEVO +CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...) + NOT-FOR-US: QSAN XEVO +CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...) + NOT-FOR-US: QSAN +CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...) + NOT-FOR-US: QSAN +CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...) 
+ NOT-FOR-US: QSAN +CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...) + NOT-FOR-US: QSAN +CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...) + NOT-FOR-US: QSAN +CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...) + NOT-FOR-US: QSAN +CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...) + NOT-FOR-US: QSAN +CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...) + NOT-FOR-US: QSAN +CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...) + NOT-FOR-US: QSAN +CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...) + NOT-FOR-US: QSAN +CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...) + NOT-FOR-US: QSAN +CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...) + NOT-FOR-US: QSAN +CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...) + NOT-FOR-US: QSAN +CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...) + NOT-FOR-US: QSAN +CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...) + NOT-FOR-US: QSAN +CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...) + NOT-FOR-US: QSAN +CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...) + NOT-FOR-US: QSAN +CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...) + NOT-FOR-US: QSAN +CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...) + NOT-FOR-US: QSAN +CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...) 
+ NOT-FOR-US: QSAN +CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...) + NOT-FOR-US: QSAN +CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...) + NOT-FOR-US: QSAN +CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...) + NOT-FOR-US: QSAN +CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...) + NOT-FOR-US: QSAN +CVE-2021-32505 + RESERVED +CVE-2021-32504 + RESERVED +CVE-2021-32503 + RESERVED +CVE-2021-32502 + RESERVED +CVE-2021-32501 + RESERVED +CVE-2021-32500 + RESERVED +CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...) + NOT-FOR-US: SICK SOPAS ET +CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...) + NOT-FOR-US: SICK SOPAS ET +CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...) + NOT-FOR-US: SICK SOPAS ET +CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...) + NOT-FOR-US: SICK Visionary-S CX +CVE-2021-32495 + RESERVED +CVE-2021-32494 + RESERVED +CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) + NOT-FOR-US: Yubico yubihsm-shell +CVE-2021-32488 + RESERVED +CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) + NOT-FOR-US: modem 2G RRM +CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) + NOT-FOR-US: modem 2G RRM +CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) + NOT-FOR-US: modem 2G RRM +CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) + NOT-FOR-US: modem 2G RRM +CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...) 
+ NOT-FOR-US: Cloudera Manager +CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...) + NOT-FOR-US: Cloudera Manager +CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter. ...) + NOT-FOR-US: Cloudera Hue +CVE-2021-32480 + RESERVED +CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...) + - thunar 4.16.8-1 (bug #988394) + [buster] - thunar <no-dsa> (Minor issue) + [stretch] - thunar <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2 + NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b + NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664 + NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575 +CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...) + {DSA-4980-1} + - qemu 1:6.1+dfsg-1 (bug #989042) + [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages) + [stretch] - qemu <not-affected> (The vulnerable code was introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a +CVE-2021-3542 + REJECTED +CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...) + {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424 + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12) +CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...) 
+ {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410 + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10) +CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...) + {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409 + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9) +CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...) + {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408 + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8) +CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...) + {DLA-2669-1} + - libxml2 2.9.10+dfsg-6.7 (bug #988603) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private) + NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/ +CVE-2021-32479 + RESERVED +CVE-2021-32478 + RESERVED +CVE-2021-32477 + RESERVED +CVE-2021-32476 + RESERVED +CVE-2021-32475 + RESERVED +CVE-2021-32474 + RESERVED +CVE-2021-32473 + RESERVED +CVE-2021-32472 + RESERVED +CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...) + NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine +CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...) + NOT-FOR-US: Craft CMS +CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) 
+ NOT-FOR-US: Netgear +CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...) + NOT-FOR-US: Trend Micro +CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...) + NOT-FOR-US: Trend Micro +CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...) + NOT-FOR-US: Trend Micro +CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...) + NOT-FOR-US: Trend Micro +CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) + NOT-FOR-US: Trend Micro +CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) + NOT-FOR-US: Trend Micro +CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...) + NOT-FOR-US: Trend Micro +CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...) + NOT-FOR-US: Trend Micro +CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) + NOT-FOR-US: Trend Micro +CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) + NOT-FOR-US: Trend Micro +CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) 
+ NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...) + NOT-FOR-US: Ivanti MobileIron Core +CVE-2021-32452 + RESERVED +CVE-2021-32451 + RESERVED +CVE-2021-32450 + RESERVED +CVE-2021-32449 + RESERVED +CVE-2021-32448 + RESERVED +CVE-2021-32447 + RESERVED +CVE-2021-32446 + RESERVED +CVE-2021-32445 + RESERVED +CVE-2021-32444 + RESERVED +CVE-2021-32443 + RESERVED +CVE-2021-32442 + RESERVED +CVE-2021-32441 + RESERVED +CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 + NOTE: https://github.com/gpac/gpac/issues/1772 +CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...) + - gpac <unfixed> + [stretch] - gpac <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae + NOTE: https://github.com/gpac/gpac/issues/1774 +CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868 + NOTE: https://github.com/gpac/gpac/issues/1769 +CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e + NOTE: https://github.com/gpac/gpac/issues/1770 +CVE-2021-32436 + RESERVED +CVE-2021-32435 + RESERVED +CVE-2021-32434 + RESERVED +CVE-2021-32433 + RESERVED +CVE-2021-32432 + RESERVED +CVE-2021-32431 + RESERVED +CVE-2021-32430 + RESERVED +CVE-2021-32429 + RESERVED +CVE-2021-32428 + RESERVED +CVE-2021-32427 + RESERVED +CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...) + NOT-FOR-US: TrendNet TW100-S4W1CA +CVE-2021-32425 + RESERVED +CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...) + NOT-FOR-US: TrendNet TW100-S4W1CA +CVE-2021-32423 + RESERVED +CVE-2021-32422 + RESERVED +CVE-2021-32421 + RESERVED +CVE-2021-32420 + RESERVED +CVE-2021-32419 + RESERVED +CVE-2021-32418 + RESERVED +CVE-2021-32417 + RESERVED +CVE-2021-32416 + RESERVED +CVE-2021-32415 + RESERVED +CVE-2021-32414 + RESERVED +CVE-2021-32413 + RESERVED +CVE-2021-32412 + RESERVED +CVE-2021-32411 + RESERVED +CVE-2021-32410 + RESERVED +CVE-2021-32409 + RESERVED +CVE-2021-32408 + RESERVED +CVE-2021-32407 + RESERVED +CVE-2021-32406 + RESERVED +CVE-2021-32405 + RESERVED +CVE-2021-32404 + RESERVED +CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + NOT-FOR-US: Intelbras Router RF 301K Firmware +CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + NOT-FOR-US: Intelbras Router RF 301K Firmware +CVE-2021-32401 + RESERVED +CVE-2021-32400 + RESERVED +CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...) 
+ {DLA-2690-1 DLA-2689-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2 +CVE-2021-32398 + RESERVED +CVE-2021-32397 + RESERVED +CVE-2021-32396 + RESERVED +CVE-2021-32395 + RESERVED +CVE-2021-32394 + RESERVED +CVE-2021-32393 + RESERVED +CVE-2021-32392 + RESERVED +CVE-2021-32391 + RESERVED +CVE-2021-32390 + RESERVED +CVE-2021-32389 + RESERVED +CVE-2021-32388 + RESERVED +CVE-2021-32387 + RESERVED +CVE-2021-32386 + RESERVED +CVE-2021-32385 + RESERVED +CVE-2021-32384 + RESERVED +CVE-2021-32383 + RESERVED +CVE-2021-32382 + RESERVED +CVE-2021-32381 + RESERVED +CVE-2021-32380 + RESERVED +CVE-2021-32379 + RESERVED +CVE-2021-32378 + RESERVED +CVE-2021-32377 + RESERVED +CVE-2021-32376 + RESERVED +CVE-2021-32375 + RESERVED +CVE-2021-32374 + RESERVED +CVE-2021-32373 + RESERVED +CVE-2021-32372 + RESERVED +CVE-2021-32371 + RESERVED +CVE-2021-32370 + RESERVED +CVE-2021-32369 + RESERVED +CVE-2021-32368 + RESERVED +CVE-2021-32367 + RESERVED +CVE-2021-32366 + RESERVED +CVE-2021-32365 + RESERVED +CVE-2021-32364 + RESERVED +CVE-2021-32363 + RESERVED +CVE-2021-32362 + RESERVED +CVE-2021-32361 + RESERVED +CVE-2021-32360 + RESERVED +CVE-2021-32359 + RESERVED +CVE-2021-32358 + RESERVED +CVE-2021-32357 + RESERVED +CVE-2021-32356 + RESERVED +CVE-2021-32355 + RESERVED +CVE-2021-32354 + RESERVED +CVE-2021-32353 + RESERVED +CVE-2021-32352 + RESERVED +CVE-2021-32351 + RESERVED +CVE-2021-32350 + RESERVED +CVE-2021-32349 + RESERVED +CVE-2021-32348 + RESERVED +CVE-2021-32347 + RESERVED +CVE-2021-32346 + RESERVED +CVE-2021-32345 + RESERVED +CVE-2021-32344 + RESERVED +CVE-2021-32343 + RESERVED +CVE-2021-32342 + RESERVED +CVE-2021-32341 + RESERVED +CVE-2021-32340 + RESERVED +CVE-2021-32339 + RESERVED +CVE-2021-32338 + RESERVED +CVE-2021-32337 + RESERVED +CVE-2021-32336 + RESERVED +CVE-2021-32335 + RESERVED +CVE-2021-32334 + RESERVED +CVE-2021-32333 + RESERVED +CVE-2021-32332 + RESERVED +CVE-2021-32331 + RESERVED +CVE-2021-32330 + 
RESERVED +CVE-2021-32329 + RESERVED +CVE-2021-32328 + RESERVED +CVE-2021-32327 + RESERVED +CVE-2021-32326 + RESERVED +CVE-2021-32325 + RESERVED +CVE-2021-32324 + RESERVED +CVE-2021-32323 + RESERVED +CVE-2021-32322 + RESERVED +CVE-2021-32321 + RESERVED +CVE-2021-32320 + RESERVED +CVE-2021-32319 + RESERVED +CVE-2021-32318 + RESERVED +CVE-2021-32317 + RESERVED +CVE-2021-32316 + RESERVED +CVE-2021-32315 + RESERVED +CVE-2021-32314 + RESERVED +CVE-2021-32313 + RESERVED +CVE-2021-32312 + RESERVED +CVE-2021-32311 + RESERVED +CVE-2021-32310 + RESERVED +CVE-2021-32309 + RESERVED +CVE-2021-32308 + RESERVED +CVE-2021-32307 + RESERVED +CVE-2021-32306 + RESERVED +CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...) + - websvn <removed> +CVE-2021-32304 + RESERVED +CVE-2021-32303 + RESERVED +CVE-2021-32302 + RESERVED +CVE-2021-32301 + RESERVED +CVE-2021-32300 + RESERVED +CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...) + NOT-FOR-US: pbrt +CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...) + NOT-FOR-US: libiff +CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...) + NOT-FOR-US: LIEF +CVE-2021-32296 + RESERVED +CVE-2021-32295 + RESERVED +CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...) + - libgig <unfixed> + [bullseye] - libgig <ignored> (Minor issue) + [buster] - libgig <ignored> (Minor issue) + [stretch] - libgig <postponed> (Minor issue, revisit when/if fixed upstream) + NOTE: https://github.com/drbye78/libgig/issues/1 +CVE-2021-32293 + RESERVED +CVE-2021-32292 + RESERVED +CVE-2021-32291 + RESERVED +CVE-2021-32290 + RESERVED +CVE-2021-32289 (An issue was discovered in heif through through v3.6.2. A NULL pointer ...) + NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) 
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) + NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...) + - hcxtools 6.2.4-1 (bug #994790) + [bullseye] - hcxtools <no-dsa> (Minor issue) + NOTE: https://github.com/ZerBea/hcxtools/issues/155 + NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2) +CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...) + NOT-FOR-US: Gravity +CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-5 (bug #960736) + [buster] - fig2dev <no-dsa> (Minor issue) + - transfig <removed> + NOTE: https://sourceforge.net/p/mcj/tickets/107/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/ +CVE-2021-32279 + RESERVED +CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) + {DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/62 + NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0) +CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) 
+ {DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/59 + NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) +CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...) + {DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/58 + NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0) +CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...) + - faust <unfixed> (unimportant) + NOTE: https://github.com/grame-cncm/faust/issues/482 + NOTE: Negligible security impact +CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) + {DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/60 + NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) +CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...) + - faad2 2.10.0-1 + [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2) + NOTE: https://github.com/knik0/faad2/issues/56 + NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0) +CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...) + - faad2 2.10.0-1 + [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2) + NOTE: https://github.com/knik0/faad2/issues/57 + NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0) +CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...) + - gpac 1.0.1+dfsg1-2 + NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1) + NOTE: https://github.com/gpac/gpac/issues/1575 +CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) 
+ - gpac 1.0.1+dfsg1-2 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1586 + NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1) +CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1574 + NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1) +CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...) + - gpac 1.0.1+dfsg1-2 + NOTE: https://github.com/gpac/gpac/issues/1587 + NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1) +CVE-2021-32267 + RESERVED +CVE-2021-32266 + RESERVED +CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...) + NOT-FOR-US: Bento4 +CVE-2021-32264 + RESERVED +CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...) + NOT-FOR-US: ok-file-formats +CVE-2021-32262 + RESERVED +CVE-2021-32261 + RESERVED +CVE-2021-32260 + RESERVED +CVE-2021-32259 + REJECTED +CVE-2021-32258 + RESERVED +CVE-2021-32257 + RESERVED +CVE-2021-32256 + RESERVED +CVE-2021-32255 + RESERVED +CVE-2021-32254 + RESERVED +CVE-2021-32253 + RESERVED +CVE-2021-32252 + RESERVED +CVE-2021-32251 + RESERVED +CVE-2021-32250 + RESERVED +CVE-2021-32249 + RESERVED +CVE-2021-32248 + RESERVED +CVE-2021-32247 + RESERVED +CVE-2021-32246 + RESERVED +CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...) + NOT-FOR-US: PageKit CMS +CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...) 
+ - moodle <removed> +CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). ...) + NOT-FOR-US: FOGProject +CVE-2021-32242 + RESERVED +CVE-2021-32241 + RESERVED +CVE-2021-32240 + RESERVED +CVE-2021-32239 + RESERVED +CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Ove ...) + NOT-FOR-US: Epic Games / Psyonix Rocket League +CVE-2021-32237 + RESERVED +CVE-2021-32236 + RESERVED +CVE-2021-32235 + RESERVED +CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...) + NOT-FOR-US: SmarterTools +CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...) + NOT-FOR-US: SmarterTools SmarterMail +CVE-2021-32232 + RESERVED +CVE-2021-32231 + RESERVED +CVE-2021-32230 + RESERVED +CVE-2021-32229 + RESERVED +CVE-2021-32228 + RESERVED +CVE-2021-32227 + RESERVED +CVE-2021-32226 + RESERVED +CVE-2021-32225 + RESERVED +CVE-2021-32224 + RESERVED +CVE-2021-32223 + RESERVED +CVE-2021-32222 + RESERVED +CVE-2021-32221 + RESERVED +CVE-2021-32220 + RESERVED +CVE-2021-32219 + RESERVED +CVE-2021-32218 + RESERVED +CVE-2021-32217 + RESERVED +CVE-2021-32216 + RESERVED +CVE-2021-32215 + RESERVED +CVE-2021-32214 + RESERVED +CVE-2021-32213 + RESERVED +CVE-2021-32212 + RESERVED +CVE-2021-32211 + RESERVED +CVE-2021-32210 + RESERVED +CVE-2021-32209 + RESERVED +CVE-2021-32208 + RESERVED +CVE-2021-32207 + RESERVED +CVE-2021-32206 + RESERVED +CVE-2021-32205 + RESERVED +CVE-2021-32204 + RESERVED +CVE-2021-32203 + RESERVED +CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...) + NOT-FOR-US: CS-Cart +CVE-2021-32201 + RESERVED +CVE-2021-32200 + RESERVED +CVE-2021-32199 + RESERVED +CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...) 
+ NOT-FOR-US: EmTec ZOC +CVE-2021-32197 + RESERVED +CVE-2021-32196 + RESERVED +CVE-2021-32195 + RESERVED +CVE-2021-32194 + RESERVED +CVE-2021-32193 + RESERVED +CVE-2021-32192 + RESERVED +CVE-2021-32191 + RESERVED +CVE-2021-32190 + RESERVED +CVE-2021-32189 + RESERVED +CVE-2021-32188 + RESERVED +CVE-2021-32187 + RESERVED +CVE-2021-32186 + RESERVED +CVE-2021-32185 + RESERVED +CVE-2021-32184 + RESERVED +CVE-2021-32183 + RESERVED +CVE-2021-32182 + RESERVED +CVE-2021-32181 + RESERVED +CVE-2021-32180 + RESERVED +CVE-2021-32179 + RESERVED +CVE-2021-32178 + RESERVED +CVE-2021-32177 + RESERVED +CVE-2021-32176 + RESERVED +CVE-2021-32175 + RESERVED +CVE-2021-32174 + RESERVED +CVE-2021-32173 + RESERVED +CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...) + NOT-FOR-US: Maian Cart +CVE-2021-32171 + RESERVED +CVE-2021-32170 + RESERVED +CVE-2021-32169 + RESERVED +CVE-2021-32168 + RESERVED +CVE-2021-32167 + RESERVED +CVE-2021-32166 + RESERVED +CVE-2021-32165 + RESERVED +CVE-2021-32164 + RESERVED +CVE-2021-32163 + RESERVED +CVE-2021-32162 + RESERVED +CVE-2021-32161 + RESERVED +CVE-2021-32160 + RESERVED +CVE-2021-32159 + RESERVED +CVE-2021-32158 + RESERVED +CVE-2021-32157 + RESERVED +CVE-2021-32156 + RESERVED +CVE-2021-32155 + RESERVED +CVE-2021-32154 + RESERVED +CVE-2021-32153 + RESERVED +CVE-2021-32152 + RESERVED +CVE-2021-32151 + RESERVED +CVE-2021-32150 + RESERVED +CVE-2021-32149 + RESERVED +CVE-2021-32148 + RESERVED +CVE-2021-32147 + RESERVED +CVE-2021-32146 + RESERVED +CVE-2021-32145 + RESERVED +CVE-2021-32144 + RESERVED +CVE-2021-32143 + RESERVED +CVE-2021-32142 + RESERVED +CVE-2021-32141 + RESERVED +CVE-2021-32140 + RESERVED +CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later) + [buster] - ccextractor <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e + NOTE: https://github.com/gpac/gpac/issues/1768 +CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b + NOTE: https://github.com/gpac/gpac/issues/1767 +CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca + NOTE: https://github.com/gpac/gpac/issues/1766 +CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed + NOTE: https://github.com/gpac/gpac/issues/1765 +CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) 
+ - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8 + NOTE: https://github.com/gpac/gpac/issues/1757 +CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <ignored> (Minor issue) + [stretch] - gpac <ignored> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later) + [buster] - ccextractor <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 + NOTE: https://github.com/gpac/gpac/issues/1756 +CVE-2021-32133 + RESERVED +CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac <unfixed> + [bullseye] - gpac <ignored> (Minor issue) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23 + NOTE: https://github.com/gpac/gpac/issues/1753 +CVE-2021-32131 + RESERVED +CVE-2021-32130 + RESERVED +CVE-2021-32129 + RESERVED +CVE-2021-32128 + RESERVED +CVE-2021-32127 + RESERVED +CVE-2021-32126 + RESERVED +CVE-2021-32125 + RESERVED +CVE-2021-32124 + RESERVED +CVE-2021-32123 + RESERVED +CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...) 
+ NOT-FOR-US: Netgear +CVE-2021-32121 + RESERVED +CVE-2021-32120 + RESERVED +CVE-2021-32119 + RESERVED +CVE-2021-32118 + RESERVED +CVE-2021-32117 + RESERVED +CVE-2021-32116 + RESERVED +CVE-2021-32115 + RESERVED +CVE-2021-32114 + RESERVED +CVE-2021-32113 + RESERVED +CVE-2021-32112 + RESERVED +CVE-2021-32111 + RESERVED +CVE-2021-32110 + RESERVED +CVE-2021-32109 + RESERVED +CVE-2021-32108 + RESERVED +CVE-2021-32107 + RESERVED +CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...) + NOT-FOR-US: ICEcoder +CVE-2021-32105 + RESERVED +CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...) + NOT-FOR-US: OpenEMR +CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...) + NOT-FOR-US: OpenEMR +CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...) + NOT-FOR-US: OpenEMR +CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...) + NOT-FOR-US: OpenEMR +CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2021-32097 + RESERVED +CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...) 
+ NOT-FOR-US: NSA Emissary +CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...) + NOT-FOR-US: NSA Emissary +CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...) + NOT-FOR-US: StackList LocalStack +CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...) + NOT-FOR-US: StackList LocalStack +CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...) + NOT-FOR-US: Zebra +CVE-2021-32088 + RESERVED +CVE-2021-32087 + RESERVED +CVE-2021-32086 + RESERVED +CVE-2021-32085 + RESERVED +CVE-2021-32084 + RESERVED +CVE-2021-32083 + RESERVED +CVE-2021-32082 + RESERVED +CVE-2021-32081 + RESERVED +CVE-2021-32080 + RESERVED +CVE-2021-32079 + RESERVED +CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...) + - linux 5.14.6-1 (unimportant) + NOTE: https://kirtikumarar.com/CVE-2021-32078.txt + NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1) +CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...) + NOT-FOR-US: EspoCRM +CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...) + - golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version) + NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488 + NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c + NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45 + NOTE: https://github.com/satori/go.uuid/issues/73 +CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...) + NOT-FOR-US: VerityStream MSOW Solutions +CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...) 
+ NOT-FOR-US: SolarWinds +CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...) + NOT-FOR-US: Re-Logic Terraria +CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...) + NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action) +CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...) + NOT-FOR-US: DedeCMS +CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) + NOT-FOR-US: Mitel +CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...) + NOT-FOR-US: Mitel +CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) + NOT-FOR-US: Mitel +CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...) + NOT-FOR-US: Mitel +CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...) + NOT-FOR-US: Mitel +CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...) + NOT-FOR-US: Mitel +CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) + {DSA-5066-1 DLA-2780-1} + - ruby2.7 2.7.4-1 (bug #990815) + - ruby2.5 <removed> + - ruby2.3 <removed> + - jruby <unfixed> + [buster] - jruby <no-dsa> (Minor issue) + [stretch] - jruby <no-dsa> (Minor issue) + NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ + NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7) +CVE-2021-32065 + RESERVED +CVE-2021-32064 + RESERVED +CVE-2021-32063 + RESERVED +CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...) 
+ [experimental] - mapserver 7.6.3-1~exp1 + - mapserver 7.6.2-2 (bug #988208) + [bullseye] - mapserver <ignored> (Minor issue; #988224) + [buster] - mapserver <no-dsa> (Minor issue; will be fixed via point release) + [stretch] - mapserver <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/mapserver/mapserver/issues/6313 + NOTE: https://github.com/MapServer/MapServer/pull/6314 + NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6) + NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2) + NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0) + NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3 +CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #988123) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61 +CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...) + - wildfly <itp> (bug #752018) +CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...) + NOT-FOR-US: Rapid7 +CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...) + NOT-FOR-US: S3Scanner +CVE-2021-32060 + RESERVED +CVE-2021-32059 + RESERVED +CVE-2021-32058 + RESERVED +CVE-2021-32057 + RESERVED +CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...) 
+ - cyrus-imapd 3.2.6-2 + [buster] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series) + [stretch] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series) + NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995 + NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released +CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...) + NOT-FOR-US: Firely/Incendi Spark +CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...) + NOT-FOR-US: HAPI FHIR +CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...) + - python-django 2:2.2.22-1 (bug #988136; unimportant) + NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/ + NOTE: Only an issue in combination with python3.9 3.9.5+ +CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...) + NOT-FOR-US: Hexagon G!nius Auskunftsportal +CVE-2021-32050 + RESERVED +CVE-2021-32049 + RESERVED +CVE-2021-32048 + RESERVED +CVE-2021-32047 + RESERVED +CVE-2021-32046 + RESERVED +CVE-2021-32045 + RESERVED +CVE-2021-32044 + RESERVED +CVE-2021-32043 + RESERVED +CVE-2021-32042 + RESERVED +CVE-2021-32041 + RESERVED +CVE-2021-32040 + RESERVED +CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...) + NOT-FOR-US: MongoDB VSCode Extension +CVE-2021-32038 + RESERVED +CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...) + - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-59071 +CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...) 
+ - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-59294 +CVE-2021-32035 + RESERVED +CVE-2021-32034 + RESERVED +CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...) + NOT-FOR-US: Protectimus SLIM NFC +CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...) + NOT-FOR-US: Trusted Firmware-M +CVE-2021-32031 + RESERVED +CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...) + - mutt 2.0.5-4.1 (bug #988106) + [buster] - mutt <not-affected> (Vulnerable code introduced later) + [stretch] - mutt <not-affected> (Vulnerable code introduced later) + - neomutt 20201127+dfsg.1-1.2 (bug #988107) + [buster] - neomutt <not-affected> (Vulnerable code introduced later) + NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 + NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc + NOTE: imap_qresync not enabled by default and considered an experimental feature +CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...) + NOT-FOR-US: ASUS +CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...) + {DSA-4915-1} + - postgresql-13 13.3-1 + - postgresql-11 <removed> + - postgresql-9.6 <removed> + [stretch] - postgresql-9.6 <not-affected> (Vulnerable code introduced later) + NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ + NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3) +CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...) 
+ {DSA-4915-1 DLA-2662-1} + - postgresql-13 13.3-1 + - postgresql-11 <removed> + - postgresql-9.6 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ + NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3) +CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...) + {DSA-4915-1 DLA-2662-1} + - postgresql-13 13.3-1 + - postgresql-11 <removed> + - postgresql-9.6 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ + NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3) +CVE-2021-3534 + REJECTED +CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...) + - ansible <unfixed> + [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + - ansible-base <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477 +CVE-2021-32026 + RESERVED +CVE-2021-32025 + RESERVED +CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...) + NOT-FOR-US: BlackBerry +CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...) + NOT-FOR-US: BlackBerry +CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...) + NOT-FOR-US: BlackBerry +CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...) + NOT-FOR-US: BlackBerry +CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...) + NOT-FOR-US: kernel in Amazon Web Services FreeRTOS +CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...) + NOT-FOR-US: OpenWrt +CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. 
The JUMP SOAP A ...) + NOT-FOR-US: JUMP AMS +CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) + NOT-FOR-US: JUMP AMS +CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...) + NOT-FOR-US: JUMP AMS +CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...) + NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware +CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) + NOT-FOR-US: SheetJS +CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) + NOT-FOR-US: SheetJS +CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...) + NOT-FOR-US: SheetJS +CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...) + - ansible <unfixed> + [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream) + - ansible-base <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464 +CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...) + - ceph 14.2.21-1 (bug #988890) + [buster] - ceph <no-dsa> (Minor issue) + [stretch] - ceph <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5 + NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e + NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039 + NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7 +CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...) 
+ - binutils <unfixed> (unimportant) + NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348 + NOTE: binutils not covered by security support +CVE-2021-32011 + RESERVED +CVE-2021-32010 + RESERVED +CVE-2021-32009 + RESERVED +CVE-2021-32008 + RESERVED +CVE-2021-32007 + RESERVED +CVE-2021-32006 + RESERVED +CVE-2021-32005 + RESERVED +CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...) + NOT-FOR-US: Secomea GateManager +CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...) + NOT-FOR-US: Secomea SiteManager +CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...) + NOT-FOR-US: Secomea SiteManager +CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...) + NOT-FOR-US: Rancher +CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...) + NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server +CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...) + NOT-FOR-US: Rancher +CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) + - inn2 <not-affected> (SuSE-specific packaging issue) +CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...) + - postorius <not-affected> (SuSE-specific packaging issue) +CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...) + NOT-FOR-US: Rust crate algorithmica +CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...) + NOT-FOR-US: noobaa +CVE-2021-31995 + RESERVED +CVE-2021-31994 + RESERVED +CVE-2021-31993 + RESERVED +CVE-2021-31992 + RESERVED +CVE-2021-31991 + RESERVED +CVE-2021-31990 + RESERVED +CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...) 
+ NOT-FOR-US: AXIS +CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...) + NOT-FOR-US: AXIS +CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...) + NOT-FOR-US: AXIS +CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...) + NOT-FOR-US: AXIS +CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) + NOT-FOR-US: Microsoft +CVE-2021-31982 + RESERVED +CVE-2021-31981 + RESERVED +CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-31974 (Server for NFS Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31968 (Windows Remote Desktop Services Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) + NOT-FOR-US: Microsoft +CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...) + NOT-FOR-US: Microsoft +CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...) + NOT-FOR-US: Microsoft +CVE-2021-31937 + RESERVED +CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...) + NOT-FOR-US: OX App Suite +CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...) + NOT-FOR-US: OX App Suite +CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...) 
+ NOT-FOR-US: Chamilo +CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...) + NOT-FOR-US: Nokia +CVE-2021-31931 + RESERVED +CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...) + NOT-FOR-US: Concerto +CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) + NOT-FOR-US: Annex Cloud Loyalty Experience Platform +CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any auth ...) + NOT-FOR-US: Annex Cloud Loyalty Experience Platform +CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...) + NOT-FOR-US: Annex Cloud Loyalty Experience Platform +CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...) + NOT-FOR-US: CubeCoders AMP +CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...) + NOT-FOR-US: Pexip +CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...) + - pam-u2f 1.1.0-1.1 (bug #987545) + [buster] - pam-u2f <not-affected> (Vulnerable code not present) + [stretch] - pam-u2f <not-affected> (Vulnerable code not present) + NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03 + NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1) + NOTE: https://github.com/Yubico/pam-u2f/issues/175 + NOTE: Support for PIN verification introduced in 1.1.0. +CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...) + NOT-FOR-US: Ping Identity PingAccess +CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...) + NOT-FOR-US: Pulse Secure +CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...) + NOT-FOR-US: noobaa +CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...) 
+ {DLA-2753-1} + - qemu 1:5.2+dfsg-11 (bug #988157) + [buster] - qemu <no-dsa> (Minor issue) + NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html + NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c +CVE-2021-3526 + REJECTED +CVE-2021-3525 + REJECTED +CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) + {DLA-2735-1} + - ceph 14.2.21-1 (bug #988889) + [buster] - ceph <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674 + NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1 +CVE-2021-3523 + RESERVED +CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...) + NOT-FOR-US: Istio +CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...) + NOT-FOR-US: Istio +CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...) + NOT-FOR-US: Rust crate rkyv +CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...) + NOT-FOR-US: tripleo-ansible +CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...) + NOT-FOR-US: Infinispan +CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a + NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1 +CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...) 
+ NOT-FOR-US: JetBrains +CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...) + NOT-FOR-US: JetBrains +CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...) + NOT-FOR-US: JetBrains +CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...) + NOT-FOR-US: JetBrains +CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...) + NOT-FOR-US: JetBrains +CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...) + NOT-FOR-US: JetBrains +CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...) + NOT-FOR-US: JetBrains +CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...) + NOT-FOR-US: JetBrains +CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...) + NOT-FOR-US: JetBrains +CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...) + NOT-FOR-US: JetBrains +CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...) + NOT-FOR-US: JetBrains +CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...) + NOT-FOR-US: JetBrains +CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...) + NOT-FOR-US: JetBrains +CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...) + NOT-FOR-US: JetBrains +CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...) + NOT-FOR-US: JetBrains +CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...) + NOT-FOR-US: JetBrains +CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...) + NOT-FOR-US: JetBrains +CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...) 
+ NOT-FOR-US: JetBrains +CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...) + NOT-FOR-US: JetBrains +CVE-2021-31896 + RESERVED +CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...) + NOT-FOR-US: Siemens +CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) + NOT-FOR-US: Siemens +CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...) + NOT-FOR-US: Siemens +CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...) + NOT-FOR-US: Siemens +CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31880 + RESERVED +CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...) 
+ - wget <unfixed> (bug #988209) + [bullseye] - wget <no-dsa> (Minor issue) + [buster] - wget <no-dsa> (Minor issue) + [stretch] - wget <postponed> (Minor issue; can be fixed in next update) + NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html +CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...) + - asterisk <not-affected> (Vulnerability introduced in 16.17.0) + NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381 +CVE-2021-31877 + REJECTED +CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...) + - bitcoin <unfixed> + NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876 + NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html +CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...) + NOT-FOR-US: Cesanta MongooseOS mJS +CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...) + NOT-FOR-US: Zoho +CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...) 
+ {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-3521 + RESERVED + - rpm <unfixed> + [bullseye] - rpm <no-dsa> (Minor issue) + [buster] - rpm <no-dsa> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://github.com/rpm-software-management/rpm/pull/1788 +CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...) + {DSA-4919-1 DLA-2657-1} + - lz4 1.9.3-2 (bug #987856) + NOTE: https://github.com/lz4/lz4/pull/972 + NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 +CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...) + NOT-FOR-US: Pimcore +CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...) + NOT-FOR-US: Rapid7 Nexpose +CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...) + NOT-FOR-US: Pimcore +CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that could ...) + NOT-FOR-US: Lenovo +CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...) + {DLA-2658-1} + - redmine <unfixed> (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854 +CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...) 
+ {DLA-2658-1} + - redmine <unfixed> (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946 +CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...) + {DLA-2658-1} + - redmine <unfixed> (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970 +CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...) + {DLA-2658-1} + - redmine <unfixed> (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962 +CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...) + NOT-FOR-US: SysAid +CVE-2021-31861 + RESERVED +CVE-2021-31860 + RESERVED +CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...) + NOT-FOR-US: Ysoft SafeQ +CVE-2021-31858 + RESERVED +CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...) + NOT-FOR-US: Zoho ManageEngine Password Manager Pro +CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...) + NOT-FOR-US: Layer Meshery +CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...) + - kf5-messagelib 4:20.08.3-5 (bug #989438) + [buster] - kf5-messagelib <no-dsa> (Minor issue) + [stretch] - kf5-messagelib <no-dsa> (Minor issue) + - kdepim4 <removed> + [stretch] - kdepim4 <no-dsa> (Minor issue) + NOTE: https://kde.org/info/security/advisory-20210429-1.txt + NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 +CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...) + NOT-FOR-US: McAfee +CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...) 
+ NOT-FOR-US: McAfee +CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + NOT-FOR-US: McAfee +CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + NOT-FOR-US: McAfee +CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...) + NOT-FOR-US: McAfee +CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...) + NOT-FOR-US: McAfee +CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...) + NOT-FOR-US: McAfee +CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...) + NOT-FOR-US: McAfee +CVE-2021-31846 + RESERVED +CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...) + NOT-FOR-US: McAfee +CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...) + NOT-FOR-US: McAfee +CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...) + NOT-FOR-US: McAfee +CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...) + NOT-FOR-US: McAfee +CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...) + NOT-FOR-US: McAfee +CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...) + NOT-FOR-US: McAfee +CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...) + NOT-FOR-US: McAfee +CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...) + NOT-FOR-US: MVISION EDR (MVEDR) +CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...) + NOT-FOR-US: McAfee +CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...) + NOT-FOR-US: McAfee +CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) 
+ NOT-FOR-US: McAfee +CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...) + NOT-FOR-US: McAfee +CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...) + NOT-FOR-US: McAfee +CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...) + NOT-FOR-US: McAfee +CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...) + NOT-FOR-US: McAfee +CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: McAfee +CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987737) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7 +CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987738) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 +CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987739) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 +CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...) 
+ - pglogical 2.3.3-3 (bug #988735) + [buster] - pglogical <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112 + NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5 +CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...) + - 389-ds-base 1.4.4.11-2 (bug #988727) + [stretch] - 389-ds-base <no-dsa> (Minor issue) + NOTE: https://github.com/389ds/389-ds-base/issues/4711 +CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...) + {DLA-2690-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4 +CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...) + NOT-FOR-US: OpenDistro for Elasticsearch +CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2021-31825 + RESERVED +CVE-2021-31824 + RESERVED +CVE-2021-31823 + RESERVED +CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...) + NOT-FOR-US: Octopus Tentacle +CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...) + NOT-FOR-US: Octopus Tentacle +CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...) + NOT-FOR-US: Octopus Server +CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...) + NOT-FOR-US: Octopus +CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...) + NOT-FOR-US: Octopus Server +CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...) + NOT-FOR-US: Octopus Server +CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...) 
+ NOT-FOR-US: Octopus Server +CVE-2021-3513 + NOT-FOR-US: Keycloak +CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...) + NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications) +CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...) + NOT-FOR-US: Stormshield +CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...) + NOT-FOR-US: Zoho +CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...) + - libpdfbox2-java 2.0.24-1 (bug #991526) + [bullseye] - libpdfbox2-java <no-dsa> (Minor issue) + [buster] - libpdfbox2-java <no-dsa> (Minor issue) + - libpdfbox-java <unfixed> (bug #991527) + [bullseye] - libpdfbox-java <no-dsa> (Minor issue) + [buster] - libpdfbox-java <no-dsa> (Minor issue) + [stretch] - libpdfbox-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1 + NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33 +CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...) + - libpdfbox2-java 2.0.24-1 (bug #991526) + [bullseye] - libpdfbox2-java <no-dsa> (Minor issue) + [buster] - libpdfbox2-java <no-dsa> (Minor issue) + - libpdfbox-java <unfixed> (bug #991527) + [bullseye] - libpdfbox-java <no-dsa> (Minor issue) + [buster] - libpdfbox-java <no-dsa> (Minor issue) + [stretch] - libpdfbox-java <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2 + NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33 +CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) 
+ {DSA-5066-1 DLA-2780-1} + - ruby2.7 2.7.4-1 (bug #990815) + - ruby2.5 <removed> + - ruby2.3 <removed> + - jruby <unfixed> + [buster] - jruby <no-dsa> (Minor issue) + [stretch] - jruby <no-dsa> (Minor issue) + NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ + NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7) +CVE-2021-31809 + RESERVED +CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 <removed> + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch +CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 <removed> + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch +CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 <removed> + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch +CVE-2021-31805 + RESERVED +CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...) 
+ {DSA-4905-1} + - shibboleth-sp 3.2.2+dfsg1-1 (bug #987608) + NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt + NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927 + NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec +CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...) + - leocad <unfixed> (unimportant) + NOTE: https://github.com/leozide/leocad/issues/645 + NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87 + NOTE: Crash in CLI tool, no security impact +CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...) + NOT-FOR-US: cPanel +CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...) + NOT-FOR-US: Netgear +CVE-2021-31801 + RESERVED +CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...) + - impacket 0.9.22-2 (bug #988141) + [buster] - impacket <no-dsa> (Minor issue) + [stretch] - impacket <no-dsa> (Minor issue) + NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f +CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...) + {DSA-5066-1 DLA-2780-1} + - ruby2.7 2.7.4-1 (bug #990815) + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11) + NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1) + NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ + NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master) + NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7) +CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...) 
+ NOT-FOR-US: CyberArk +CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...) + NOT-FOR-US: CyberArk +CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...) + NOT-FOR-US: CyberArk +CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...) + NOT-FOR-US: PowerVR GPU kernel driver (OOT) +CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...) + NOT-FOR-US: Directum +CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...) + NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices +CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...) + NOT-FOR-US: SuiteCRM +CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...) + NOT-FOR-US: Sentry KM +CVE-2021-31790 + RESERVED +CVE-2021-31789 + RESERVED +CVE-2021-31788 + RESERVED +CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...) + NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets +CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...) + NOT-FOR-US: Actions ATS +CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...) + NOT-FOR-US: Actions ATS +CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...) + NOT-FOR-US: Piwigo extension +CVE-2021-31782 + RESERVED +CVE-2021-31781 + RESERVED +CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...) + NOT-FOR-US: MISP +CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...) 
+ NOT-FOR-US: Typo3 extension +CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...) + NOT-FOR-US: Typo3 extension +CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...) + NOT-FOR-US: Typo3 extension +CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...) + NOT-FOR-US: Aviatrix VPN Client +CVE-2021-31775 + RESERVED +CVE-2021-31774 + RESERVED +CVE-2021-31773 + RESERVED +CVE-2021-31772 + RESERVED +CVE-2021-31771 + REJECTED +CVE-2021-31770 + RESERVED +CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...) + NOT-FOR-US: MyQ +CVE-2021-31768 + RESERVED +CVE-2021-31767 + RESERVED +CVE-2021-31766 + RESERVED +CVE-2021-31765 + RESERVED +CVE-2021-31764 + RESERVED +CVE-2021-31763 + RESERVED +CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...) + - webmin <removed> +CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...) + - webmin <removed> +CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...) + - webmin <removed> +CVE-2021-31759 + RESERVED +CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31754 + RESERVED +CVE-2021-31753 + RESERVED +CVE-2021-31752 + RESERVED +CVE-2021-31751 + RESERVED +CVE-2021-31750 + RESERVED +CVE-2021-31749 + RESERVED +CVE-2021-31748 + RESERVED +CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...) 
+ NOT-FOR-US: Pluck CMS +CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...) + NOT-FOR-US: Pluck CMS +CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...) + NOT-FOR-US: Pluck CMS +CVE-2021-31744 + RESERVED +CVE-2021-31743 + RESERVED +CVE-2021-31742 + RESERVED +CVE-2021-31741 + RESERVED +CVE-2021-31740 + RESERVED +CVE-2021-31739 + RESERVED +CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...) + NOT-FOR-US: Adiscon LogAnalyzer +CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...) + NOT-FOR-US: emlog +CVE-2021-31736 + RESERVED +CVE-2021-31735 + RESERVED +CVE-2021-31734 + RESERVED +CVE-2021-31733 + RESERVED +CVE-2021-31732 + RESERVED +CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...) + NOT-FOR-US: KiteCMS +CVE-2021-31730 + RESERVED +CVE-2021-31729 + RESERVED +CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + NOT-FOR-US: MalwareFox AntiMalware +CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + NOT-FOR-US: MalwareFox AntiMalware +CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...) + NOT-FOR-US: Akuvox +CVE-2021-31725 + RESERVED +CVE-2021-31724 + RESERVED +CVE-2021-31723 + RESERVED +CVE-2021-31722 + RESERVED +CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...) + NOT-FOR-US: Chevereto +CVE-2021-31720 + RESERVED +CVE-2021-31719 + RESERVED +CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...) + NOT-FOR-US: npupnp +CVE-2021-31717 + RESERVED +CVE-2021-31716 + RESERVED +CVE-2021-31715 + RESERVED +CVE-2021-31714 + RESERVED +CVE-2021-31713 + RESERVED +CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...) 
+ NOT-FOR-US: react-draft-wysiwyg +CVE-2021-31711 + RESERVED +CVE-2021-31710 + RESERVED +CVE-2021-31709 + RESERVED +CVE-2021-31708 + RESERVED +CVE-2021-31707 + RESERVED +CVE-2021-31706 + RESERVED +CVE-2021-31705 + RESERVED +CVE-2021-31704 + RESERVED +CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...) + NOT-FOR-US: Frontier ichris +CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...) + NOT-FOR-US: Frontier ichris +CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode. ...) + NOT-FOR-US: Mintty +CVE-2021-31700 + RESERVED +CVE-2021-31699 + RESERVED +CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...) + NOT-FOR-US: Quectel EG25-G devices +CVE-2021-31697 + RESERVED +CVE-2021-31696 + RESERVED +CVE-2021-31695 + RESERVED +CVE-2021-31694 + RESERVED +CVE-2021-31693 + RESERVED +CVE-2021-31692 + RESERVED +CVE-2021-31691 + RESERVED +CVE-2021-31690 + RESERVED +CVE-2021-31689 + RESERVED +CVE-2021-31688 + RESERVED +CVE-2021-31687 + RESERVED +CVE-2021-31686 + RESERVED +CVE-2021-31685 + RESERVED +CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...) + - json-smart <unfixed> (unimportant) + NOTE: https://github.com/netplex/json-smart-v2/issues/67 + NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5 + NOTE: Security impact disputed by upstream +CVE-2021-31683 + RESERVED +CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...) 
+ NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application +CVE-2021-31681 + RESERVED +CVE-2021-31680 + RESERVED +CVE-2021-31679 + RESERVED +CVE-2021-31678 + RESERVED +CVE-2021-31677 + RESERVED +CVE-2021-31676 + RESERVED +CVE-2021-31675 + RESERVED +CVE-2021-31674 + RESERVED +CVE-2021-31673 + RESERVED +CVE-2021-31672 + RESERVED +CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...) + NOT-FOR-US: pgsync +CVE-2021-31670 + RESERVED +CVE-2021-31669 + RESERVED +CVE-2021-31668 + RESERVED +CVE-2021-31667 + RESERVED +CVE-2021-31666 + RESERVED +CVE-2021-31665 + RESERVED +CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...) + NOT-FOR-US: TP-Link +CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...) + NOT-FOR-US: TP-Link +CVE-2021-31657 + RESERVED +CVE-2021-31656 + RESERVED +CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...) + NOT-FOR-US: TRENDnet +CVE-2021-31654 + RESERVED +CVE-2021-31653 + RESERVED +CVE-2021-31652 + RESERVED +CVE-2021-31651 + RESERVED +CVE-2021-31650 + RESERVED +CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...) 
+ NOT-FOR-US: jfinal +CVE-2021-31648 + RESERVED +CVE-2021-31647 + RESERVED +CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...) + NOT-FOR-US: Gestsup +CVE-2021-31645 + RESERVED +CVE-2021-31644 + RESERVED +CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31640 + RESERVED +CVE-2021-31639 + RESERVED +CVE-2021-31638 + RESERVED +CVE-2021-31637 + RESERVED +CVE-2021-31636 + RESERVED +CVE-2021-31635 + RESERVED +CVE-2021-31634 + RESERVED +CVE-2021-31633 + RESERVED +CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...) + NOT-FOR-US: b2evolution CMS +CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...) + NOT-FOR-US: b2evolution CMS +CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...) + NOT-FOR-US: Open PLC webserver +CVE-2021-31629 + RESERVED +CVE-2021-31628 + RESERVED +CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) + NOT-FOR-US: Tenda +CVE-2021-31626 + RESERVED +CVE-2021-31625 + RESERVED +CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) + NOT-FOR-US: Tenda +CVE-2021-31623 + RESERVED +CVE-2021-31622 + RESERVED +CVE-2021-31621 + RESERVED +CVE-2021-31620 + RESERVED +CVE-2021-31619 + RESERVED +CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...) 
+ {DSA-4937-1 DLA-2706-1} + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-5 (bug #989562) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 + NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4 + NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759 +CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...) + NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware +CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...) + NOTE: Bluetooth protocol issue +CVE-2021-31614 + RESERVED +CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...) + NOT-FOR-US: Bluetrum +CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...) + NOT-FOR-US: Silicon Labs Bluetooth +CVE-2021-31608 + RESERVED +CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...) 
+ {DLA-2815-1} + - salt 3002.6+dfsg1-2 (bug #987496) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ + NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9) + NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd +CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31603 + RESERVED +CVE-2021-31602 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31601 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31600 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) 
+ {DLA-2705-1} + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/28/ +CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...) + - node-xmlhttprequest-ssl <unfixed> + [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well) + [stretch] - node-xmlhttprequest-ssl <no-dsa> (Minor issue) + NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 + NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt +CVE-2021-31596 + RESERVED +CVE-2021-31595 + RESERVED +CVE-2021-31594 + RESERVED +CVE-2021-31593 + RESERVED +CVE-2021-31592 + RESERVED +CVE-2021-31591 + RESERVED +CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...) + NOT-FOR-US: PwnDoc +CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...) + NOT-FOR-US: BeyondTrust +CVE-2021-31588 + RESERVED +CVE-2021-31587 + RESERVED +CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...) + NOT-FOR-US: Accellion Kiteworks +CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...) + NOT-FOR-US: Accellion Kiteworks +CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...) 
+ NOT-FOR-US: Sipwise +CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...) + NOT-FOR-US: Sipwise +CVE-2021-31582 + RESERVED +CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31578 + RESERVED +CVE-2021-31577 + RESERVED +CVE-2021-31576 + RESERVED +CVE-2021-31575 + RESERVED +CVE-2021-31574 + RESERVED +CVE-2021-31573 + RESERVED +CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...) + NOT-FOR-US: Buffalo +CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...) + NOT-FOR-US: Buffalo +CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) + NOT-FOR-US: Amazon Web Services FreeRTOS kernel +CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) + NOT-FOR-US: Amazon Web Services FreeRTOS kernel +CVE-2021-31570 + RESERVED +CVE-2021-31569 + RESERVED +CVE-2021-31568 + RESERVED +CVE-2021-31557 + RESERVED +CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) + NOT-FOR-US: MediaWiki extension OAuth +CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) + NOT-FOR-US: MediaWiki extension OAuth +CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) 
+ NOT-FOR-US: MediaWiki extension CheckUser +CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...) + NOT-FOR-US: MediaWiki extension PageForms +CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...) + NOT-FOR-US: MediaWiki extension CommentBox +CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31544 + RESERVED +CVE-2021-31543 + RESERVED +CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...) + {DLA-2651-1} + - python-django 2:2.2.21-1 (bug #988053) + [buster] - python-django <no-dsa> (Minor issue) + NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ + NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main) + NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21) +CVE-2021-31541 + RESERVED +CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...) 
+ NOT-FOR-US: Wowza Streaming Engine +CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...) + NOT-FOR-US: LANCOM +CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...) + NOT-FOR-US: SIS-REWE Go +CVE-2021-31536 + RESERVED +CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...) + {DSA-4920-1 DLA-2666-1} + - libx11 2:1.7.1-1 (bug #988737) + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3 + NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt + NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ +CVE-2021-31534 + RESERVED +CVE-2021-31533 + RESERVED +CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...) + NOT-FOR-US: NXP +CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31529 + RESERVED +CVE-2021-31528 + RESERVED +CVE-2021-31527 + RESERVED +CVE-2021-31526 + RESERVED +CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...) 
+ - golang-1.16 1.16.4-1 + - golang-1.15 1.15.9-2 + - golang-1.11 <removed> + - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies) + - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies) + - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3 + - golang-golang-x-net-dev <removed> + [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch) + NOTE: https://github.com/golang/go/issues/45710 + NOTE: https://github.com/golang/go/issues/45711 (1.15 backport) + NOTE: https://github.com/golang/go/issues/45712 (1.16 backport) + NOTE: https://go-review.googlesource.com/c/net/+/313069 + NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1) + NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b +CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...) + - openexr <unfixed> (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 + NOTE: Only affects exrcheck, which isn't built into the binary packages +CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) 
+ {DLA-2701-1} + - openexr 2.5.7-1 (bug #992703) + [bullseye] - openexr <no-dsa> (Minor issue) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5) +CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) + {DLA-2701-1} + - openexr 2.5.7-1 + [bullseye] - openexr <ignored> (Minor issue, might change ABI) + [buster] - openexr <ignored> (Minor issue, might change ABI) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5) + NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0) +CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...) + - openexr 2.5.4-2 (bug #988240) + [buster] - openexr <not-affected> (Vulnerable code not present) + [stretch] - openexr <not-affected> (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e +CVE-2021-31524 + RESERVED +CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...) 
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) + - ceph 14.2.21-1 (bug #988888) + [buster] - ceph <not-affected> (Vulnerable code introduced later) + [stretch] - ceph <not-affected> (Vulnerable code introduced later) + NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca + NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b + NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 + NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly + NOTE: cookie, introducing the specific CVE-2021-3509 issue. +CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) + NOT-FOR-US: Trend Micro +CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...) + NOT-FOR-US: Trend Micro +CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...) + NOT-FOR-US: Trend Micro +CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) + NOT-FOR-US: Trend Micro +CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) + NOT-FOR-US: Trend Micro +CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...) + - pdfresurrect <unfixed> (unimportant) + NOTE: https://github.com/enferex/pdfresurrect/issues/17 + NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370 + NOTE: Hang in CLI tool, no security impact +CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...) 
+ - qemu <unfixed> (bug #987410) + [bullseye] - qemu <no-dsa> (Minor issue) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118 + NOTE: No upstream patch as of 2022-01-28 +CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) + {DLA-2690-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux <ignored> (f2fs is not supportable) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 + NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/ +CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) + - xscreensaver 5.45+dfsg1-2 (bug #989508) + [buster] - xscreensaver <no-dsa> (Minor issue) + [stretch] - xscreensaver <postponed> (Minor issue, fix along with next dla) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 + NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch +CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...) + - xscreensaver 5.45+dfsg1-2 (bug #987149) + [buster] - xscreensaver <not-affected> (Vulnerability introduced later) + [stretch] - xscreensaver <not-affected> (Vulnerability introduced later) + NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 + NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst + NOTE: and so exposing the vulnerability. +CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...) 
+ - libtpms 0.8.0~dev1-1 + NOTE: https://github.com/stefanberger/libtpms/issues/183 + NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0) + NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0) +CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...) + {DSA-4913-1 DLA-2656-1} + - hivex 1.3.20-1 (bug #988024) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html + NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381 +CVE-2021-3503 + RESERVED + - wildfly <itp> (bug #752018) +CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Vector 35 Binary Ninja +CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Vector 35 Binary Ninja +CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! 
Desktop +CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...) + NOT-FOR-US: Arlo Q Plus +CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! 
Desktop +CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: GE Reason RPV311 14A03 +CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: SolarWinds +CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: SolarWinds +CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...) + - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/ +CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Synology +CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...) 
+ NOT-FOR-US: Parallels Desktop +CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...) 
+ - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerability introduced later) + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a +CVE-2021-31416 + RESERVED +CVE-2021-31415 + RESERVED +CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...) + NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code +CVE-2021-31413 + RESERVED +CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...) + NOT-FOR-US: Vaadin +CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...) + NOT-FOR-US: Vaadin +CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...) + NOT-FOR-US: Vaadin +CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...) + NOT-FOR-US: Vaadin +CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...) + NOT-FOR-US: Vaadin +CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...) + NOT-FOR-US: Vaadin +CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...) + NOT-FOR-US: Vaadin +CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...) + NOT-FOR-US: Vaadin +CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) + NOT-FOR-US: Vaadin +CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) + NOT-FOR-US: Vaadin +CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...) 
+ - avahi <unfixed> (bug #986018) + [bullseye] - avahi <no-dsa> (Minor issue) + [buster] - avahi <not-affected> (Vulnerable code introduced later) + [stretch] - avahi <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/lathiat/avahi/issues/338 + NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c + NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8) +CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...) + {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 (bug #988215) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685 + NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently) +CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...) + NOT-FOR-US: dio package for Dart +CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...) + NOT-FOR-US: On 2N Access Unit devices +CVE-2021-31398 + RESERVED +CVE-2021-31397 + RESERVED +CVE-2021-31396 + RESERVED +CVE-2021-31395 + RESERVED +CVE-2021-31394 + RESERVED +CVE-2021-31393 + RESERVED +CVE-2021-31392 + RESERVED +CVE-2021-31391 + RESERVED +CVE-2021-31390 + RESERVED +CVE-2021-31389 + RESERVED +CVE-2021-31388 + RESERVED +CVE-2021-31387 + RESERVED +CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP service ...) 
+ NOT-FOR-US: Juniper +CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) + NOT-FOR-US: Juniper +CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient Granularity o ...) + NOT-FOR-US: Juniper +CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established sessions be ...) + NOT-FOR-US: Juniper +CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an affected ...) + NOT-FOR-US: Juniper +CVE-2021-31381 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...) + NOT-FOR-US: Juniper +CVE-2021-31380 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...) + NOT-FOR-US: Juniper +CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E automatic tunne ...) + NOT-FOR-US: Juniper +CVE-2021-31378 (In broadband environments, including but not limited to Enhanced Subsc ...) + NOT-FOR-US: Juniper +CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31376 (An Improper Input Validation vulnerability in Packet Forwarding Engine ...) + NOT-FOR-US: Juniper +CVE-2021-31375 (An Improper Input Validation vulnerability in routing process daemon ( ...) + NOT-FOR-US: Juniper +CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices processing a ...) + NOT-FOR-US: Juniper +CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Netwo ...) + NOT-FOR-US: Juniper +CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) + NOT-FOR-US: Juniper +CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in Packet Forwar ...) + NOT-FOR-US: Juniper +CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources ...) 
+ NOT-FOR-US: Juniper +CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...) + NOT-FOR-US: Juniper +CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd (authentication d ...) + NOT-FOR-US: Juniper +CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper Networks ...) + NOT-FOR-US: Juniper +CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit Condition vul ...) + NOT-FOR-US: Juniper +CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing protocol ...) + NOT-FOR-US: Juniper +CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Networks ...) + NOT-FOR-US: Juniper +CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...) + NOT-FOR-US: Juniper +CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...) + NOT-FOR-US: Juniper +CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...) + NOT-FOR-US: Juniper +CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...) + NOT-FOR-US: Juniper +CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...) + NOT-FOR-US: Juniper +CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...) + NOT-FOR-US: Juniper +CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...) + NOT-FOR-US: Juniper +CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC Series d ...) 
+ NOT-FOR-US: Juniper +CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in packet proc ...) + NOT-FOR-US: Juniper +CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC framework, ...) + NOT-FOR-US: Juniper +CVE-2021-31349 (The usage of an internal HTTP header created an authentication bypass ...) + NOT-FOR-US: Juniper +CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/27/ +CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) 
+ {DLA-2705-1} + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/27/ +CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...) + NOT-FOR-US: Solid Edge +CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...) + NOT-FOR-US: Solid Edge +CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...) + NOT-FOR-US: Mendix Database Replication +CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions &g ...) + NOT-FOR-US: Siemens +CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...) + NOT-FOR-US: Mendix Excel Importer Module +CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...) + NOT-FOR-US: SINEMA Remote Connect Client +CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...) 
+ NOT-FOR-US: Siemens +CVE-2021-31336 + RESERVED +CVE-2021-31335 + RESERVED +CVE-2021-31334 + RESERVED +CVE-2021-31333 + RESERVED +CVE-2021-31332 + RESERVED +CVE-2021-31331 + RESERVED +CVE-2021-31330 + RESERVED +CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...) + NOT-FOR-US: Remote Clinic +CVE-2021-31328 + RESERVED +CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...) + NOT-FOR-US: Remote Clinic +CVE-2021-31326 + RESERVED +CVE-2021-31325 + RESERVED +CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/ +CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/ +CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie 0.1+dfsg-2 (bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/ +CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/ +CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) 
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/ +CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/ +CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie 0.1+dfsg-2 (bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/ +CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram ...) + - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/ +CVE-2021-31314 + RESERVED +CVE-2021-31313 + RESERVED +CVE-2021-31312 + RESERVED +CVE-2021-31311 + RESERVED +CVE-2021-31310 + RESERVED +CVE-2021-31309 + RESERVED +CVE-2021-31308 + RESERVED +CVE-2021-31307 + RESERVED +CVE-2021-31306 + RESERVED +CVE-2021-31305 + RESERVED +CVE-2021-31304 + RESERVED +CVE-2021-31303 + RESERVED +CVE-2021-31302 + RESERVED +CVE-2021-31301 + RESERVED +CVE-2021-31300 + RESERVED +CVE-2021-31299 + RESERVED +CVE-2021-31298 + RESERVED +CVE-2021-31297 + RESERVED +CVE-2021-31296 + RESERVED +CVE-2021-31295 + RESERVED +CVE-2021-31294 + RESERVED +CVE-2021-31293 + RESERVED +CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...) 
+ {DSA-4958-1 DLA-2750-1} + - exiv2 0.27.3-3.1 (bug #991706) + [bullseye] - exiv2 0.27.3-3+deb11u1 + NOTE: https://github.com/Exiv2/exiv2/issues/1530 + NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 + NOTE: In older releases affected code is in src/crwimage.cpp +CVE-2021-31291 + REJECTED +CVE-2021-31290 + RESERVED +CVE-2021-31289 + RESERVED +CVE-2021-31288 + RESERVED +CVE-2021-31287 + RESERVED +CVE-2021-31286 + RESERVED +CVE-2021-31285 + RESERVED +CVE-2021-31284 + RESERVED +CVE-2021-31283 + RESERVED +CVE-2021-31282 + RESERVED +CVE-2021-31281 + RESERVED +CVE-2021-31280 + RESERVED +CVE-2021-31279 + RESERVED +CVE-2021-31278 + RESERVED +CVE-2021-31277 + RESERVED +CVE-2021-31276 + RESERVED +CVE-2021-31275 + RESERVED +CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in ...) + NOT-FOR-US: LibreNMS +CVE-2021-31273 + RESERVED +CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...) + NOT-FOR-US: SerenityOS +CVE-2021-31271 + RESERVED +CVE-2021-31270 + RESERVED +CVE-2021-31269 + RESERVED +CVE-2021-31268 + RESERVED +CVE-2021-31267 + RESERVED +CVE-2021-31266 + RESERVED +CVE-2021-31265 + RESERVED +CVE-2021-31264 + RESERVED +CVE-2021-31263 + RESERVED +CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50 + NOTE: https://github.com/gpac/gpac/issues/1738 +CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...) 
+ - gpac 1.0.1+dfsg1-4 (unimportant; bug #987280) + NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65 + NOTE: https://github.com/gpac/gpac/issues/1737 + NOTE: Negligible security impact +CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 + NOTE: https://github.com/gpac/gpac/issues/1736 +CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...) + - gpac <not-affected> (Vulnerable code was introduced later) + NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8 + NOTE: https://github.com/gpac/gpac/issues/1735 + NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) +CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e + NOTE: https://github.com/gpac/gpac/issues/1706 +CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...) 
+ - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0 + NOTE: https://github.com/gpac/gpac/issues/1734 +CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...) + - gpac 1.0.1+dfsg1-4 (bug #987280; unimportant) + NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e + NOTE: https://github.com/gpac/gpac/issues/1705 + NOTE: Negligible security impact +CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5 + NOTE: https://github.com/gpac/gpac/issues/1733 +CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...) + - gpac <not-affected> (Vulnerable code was introduced later) + NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8 + NOTE: https://github.com/gpac/gpac/issues/1703 + NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) +CVE-2021-31253 + RESERVED +CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...) 
+ NOT-FOR-US: CHIYU Technology +CVE-2021-31248 + RESERVED +CVE-2021-31247 + RESERVED +CVE-2021-31246 + RESERVED +CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...) + NOT-FOR-US: openmptcprouter-vps-admin +CVE-2021-31244 + RESERVED +CVE-2021-31243 + RESERVED +CVE-2021-31242 + RESERVED +CVE-2021-31241 + RESERVED +CVE-2021-31240 + RESERVED +CVE-2021-31239 + RESERVED +CVE-2021-31238 + RESERVED +CVE-2021-31237 + RESERVED +CVE-2021-31236 + RESERVED +CVE-2021-31235 + RESERVED +CVE-2021-31234 + RESERVED +CVE-2021-31233 + RESERVED +CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...) + NOT-FOR-US: CNCF Cortex +CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...) + NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise +CVE-2021-31230 + RESERVED +CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/26/ +CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) 
+ NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...) + NOT-FOR-US: SES Evolution +CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...) + NOT-FOR-US: SES Evolution +CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...) + NOT-FOR-US: SES Evolution +CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...) + NOT-FOR-US: SES Evolution +CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...) + NOT-FOR-US: SES Evolution +CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...) + NOT-FOR-US: SES Evolution +CVE-2021-31219 + RESERVED +CVE-2021-31218 + RESERVED +CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...) + NOT-FOR-US: SolarWinds +CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...) + NOT-FOR-US: Siren Investigate +CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...) + {DLA-2886-1} + - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439) + - slurm-llnl <removed> + [buster] - slurm-llnl <no-dsa> (Minor issue) + NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) + NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing) + NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2 + NOTE: for consistency with BTS. +CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...) + NOT-FOR-US: Openshift/ovn-kubernetes +CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...) + NOT-FOR-US: Microsoft +CVE-2021-31212 + RESERVED +CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-31210 + RESERVED +CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31203 + RESERVED +CVE-2021-31202 + RESERVED +CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31197 + RESERVED +CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2021-31189 + RESERVED +CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...) + NOT-FOR-US: Apache Unomi +CVE-2021-31163 + RESERVED +CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...) + - rustc 1.53.0+dfsg1-1 + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/83618 + NOTE: https://github.com/rust-lang/rust/pull/83629 + NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5 +CVE-2021-31161 + RESERVED +CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...) + NOT-FOR-US: Couchbase Server +CVE-2021-31157 + RESERVED +CVE-2021-31156 + RESERVED +CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) + NOT-FOR-US: Multilaser Router AC1200 +CVE-2021-31151 + REJECTED +CVE-2021-31150 + REJECTED +CVE-2021-31149 + REJECTED +CVE-2021-31148 + REJECTED +CVE-2021-31147 + REJECTED +CVE-2021-31146 + REJECTED +CVE-2021-31145 + REJECTED +CVE-2021-31144 + REJECTED +CVE-2021-31143 + REJECTED +CVE-2021-31142 + REJECTED +CVE-2021-31141 + REJECTED +CVE-2021-31140 + REJECTED +CVE-2021-31139 + REJECTED +CVE-2021-31138 + REJECTED +CVE-2021-31137 + REJECTED +CVE-2021-31136 + REJECTED +CVE-2021-31135 + REJECTED +CVE-2021-31134 + REJECTED +CVE-2021-31133 + REJECTED +CVE-2021-31132 + REJECTED +CVE-2021-31131 + REJECTED +CVE-2021-31130 + REJECTED +CVE-2021-31129 + REJECTED +CVE-2021-31128 + REJECTED +CVE-2021-31127 + REJECTED +CVE-2021-31126 + REJECTED +CVE-2021-31125 + REJECTED +CVE-2021-31124 + REJECTED +CVE-2021-31123 + REJECTED +CVE-2021-31122 + REJECTED +CVE-2021-31121 + REJECTED +CVE-2021-31120 + REJECTED +CVE-2021-31119 + REJECTED +CVE-2021-31118 + REJECTED +CVE-2021-31117 + REJECTED +CVE-2021-31116 + REJECTED +CVE-2021-31115 + REJECTED +CVE-2021-31114 + REJECTED +CVE-2021-31113 + REJECTED +CVE-2021-31112 + REJECTED +CVE-2021-31111 + REJECTED 
+CVE-2021-31110 + REJECTED +CVE-2021-31109 + REJECTED +CVE-2021-31108 + REJECTED +CVE-2021-31107 + REJECTED +CVE-2021-31106 + REJECTED +CVE-2021-31105 + REJECTED +CVE-2021-31104 + REJECTED +CVE-2021-31103 + REJECTED +CVE-2021-31102 + REJECTED +CVE-2021-31101 + REJECTED +CVE-2021-31100 + REJECTED +CVE-2021-31099 + REJECTED +CVE-2021-31098 + REJECTED +CVE-2021-31097 + REJECTED +CVE-2021-31096 + REJECTED +CVE-2021-31095 + REJECTED +CVE-2021-31094 + REJECTED +CVE-2021-31093 + REJECTED +CVE-2021-31092 + REJECTED +CVE-2021-31091 + REJECTED +CVE-2021-31090 + REJECTED +CVE-2021-31089 + REJECTED +CVE-2021-31088 + REJECTED +CVE-2021-31087 + REJECTED +CVE-2021-31086 + REJECTED +CVE-2021-31085 + REJECTED +CVE-2021-31084 + REJECTED +CVE-2021-31083 + REJECTED +CVE-2021-31082 + REJECTED +CVE-2021-31081 + REJECTED +CVE-2021-31080 + REJECTED +CVE-2021-31079 + REJECTED +CVE-2021-31078 + REJECTED +CVE-2021-31077 + REJECTED +CVE-2021-31076 + REJECTED +CVE-2021-31075 + REJECTED +CVE-2021-31074 + REJECTED +CVE-2021-31073 + REJECTED +CVE-2021-31072 + REJECTED +CVE-2021-31071 + REJECTED +CVE-2021-31070 + REJECTED +CVE-2021-31069 + REJECTED +CVE-2021-31068 + REJECTED +CVE-2021-31067 + REJECTED +CVE-2021-31066 + REJECTED +CVE-2021-31065 + REJECTED +CVE-2021-31064 + REJECTED +CVE-2021-31063 + REJECTED +CVE-2021-31062 + REJECTED +CVE-2021-31061 + REJECTED +CVE-2021-31060 + REJECTED +CVE-2021-31059 + REJECTED +CVE-2021-31058 + REJECTED +CVE-2021-31057 + REJECTED +CVE-2021-31056 + REJECTED +CVE-2021-31055 + REJECTED +CVE-2021-31054 + REJECTED +CVE-2021-31053 + REJECTED +CVE-2021-31052 + REJECTED +CVE-2021-31051 + REJECTED +CVE-2021-31050 + REJECTED +CVE-2021-31049 + REJECTED +CVE-2021-31048 + REJECTED +CVE-2021-31047 + REJECTED +CVE-2021-31046 + REJECTED +CVE-2021-31045 + REJECTED +CVE-2021-31044 + REJECTED +CVE-2021-31043 + REJECTED +CVE-2021-31042 + REJECTED +CVE-2021-31041 + REJECTED +CVE-2021-31040 + REJECTED +CVE-2021-31039 + REJECTED +CVE-2021-31038 + REJECTED +CVE-2021-31037 + REJECTED 
+CVE-2021-31036 + REJECTED +CVE-2021-31035 + REJECTED +CVE-2021-31034 + REJECTED +CVE-2021-31033 + REJECTED +CVE-2021-31032 + REJECTED +CVE-2021-31031 + REJECTED +CVE-2021-31030 + REJECTED +CVE-2021-31029 + REJECTED +CVE-2021-31028 + REJECTED +CVE-2021-31027 + REJECTED +CVE-2021-31026 + REJECTED +CVE-2021-31025 + REJECTED +CVE-2021-31024 + REJECTED +CVE-2021-31023 + REJECTED +CVE-2021-31022 + REJECTED +CVE-2021-31021 + REJECTED +CVE-2021-31020 + REJECTED +CVE-2021-31019 + REJECTED +CVE-2021-31018 + REJECTED +CVE-2021-31017 + REJECTED +CVE-2021-31016 + REJECTED +CVE-2021-31015 + REJECTED +CVE-2021-31014 + REJECTED +CVE-2021-31013 + REJECTED +CVE-2021-31012 + REJECTED +CVE-2021-31011 + REJECTED +CVE-2021-31010 + REJECTED +CVE-2021-31009 + REJECTED +CVE-2021-31008 + REJECTED +CVE-2021-31007 + REJECTED +CVE-2021-31006 + REJECTED +CVE-2021-31005 + REJECTED +CVE-2021-31004 + REJECTED +CVE-2021-31003 + REJECTED +CVE-2021-31002 + REJECTED +CVE-2021-31001 + REJECTED +CVE-2021-31000 + REJECTED +CVE-2021-30999 + REJECTED +CVE-2021-30998 + REJECTED +CVE-2021-30997 + REJECTED +CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30994 + REJECTED +CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...) + NOT-FOR-US: Apple +CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30989 + REJECTED +CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...) 
+ NOT-FOR-US: Apple +CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...) + NOT-FOR-US: Apple +CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30978 + REJECTED +CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...) + NOT-FOR-US: Apple +CVE-2021-30974 + REJECTED +CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30972 + REJECTED +CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...) + NOT-FOR-US: Apple +CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...) + NOT-FOR-US: Apple +CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...) + NOT-FOR-US: Apple +CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30962 + REJECTED +CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30956 + REJECTED +CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
+ {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple +CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30944 + REJECTED +CVE-2021-30943 + REJECTED +CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...) + NOT-FOR-US: Apple +CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
+ NOT-FOR-US: Apple +CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...) + NOT-FOR-US: Apple +CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30933 + REJECTED +CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30928 + REJECTED +CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...) + NOT-FOR-US: Apple +CVE-2021-30925 + REJECTED +CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...) + NOT-FOR-US: Apple +CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...) 
+ NOT-FOR-US: Apple +CVE-2021-30922 + REJECTED +CVE-2021-30921 + REJECTED +CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...) + NOT-FOR-US: Apple +CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...) + NOT-FOR-US: Apple +CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30908 (An authentication issue was addressed with improved state management. ...) + NOT-FOR-US: Apple +CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...) + NOT-FOR-US: Apple +CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30898 + REJECTED +CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...) + NOT-FOR-US: Apple +CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30893 + REJECTED +CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...) + NOT-FOR-US: Apple +CVE-2021-30891 + REJECTED +CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5031-1 DSA-5030-1} + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...) 
+ {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-5031-1 DSA-5030-1} + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30885 + REJECTED +CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30878 + REJECTED +CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...) 
+ NOT-FOR-US: Apple +CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30872 + REJECTED +CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...) + NOT-FOR-US: Apple +CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...) + NOT-FOR-US: Apple +CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...) + NOT-FOR-US: Apple +CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...) 
+ {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0005.html +CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30856 + REJECTED +CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...) + NOT-FOR-US: Apple +CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...) + NOT-FOR-US: Apple +CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html + NOTE: https://bugs.webkit.org/show_bug.cgi?id=227988 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/27/4 +CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...) 
+ {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30839 + RESERVED +CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...) 
+ NOT-FOR-US: Apple +CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...) + NOT-FOR-US: Apple +CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30822 + RESERVED +CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...) 
+ NOT-FOR-US: Apple +CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30812 + RESERVED +CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30806 + RESERVED +CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30803 (A permissions issue was addressed with improved validation. 
This issue ...) + NOT-FOR-US: Apple +CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30801 + RESERVED +CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30794 + RESERVED +CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...) + NOT-FOR-US: Apple +CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...) 
+ NOT-FOR-US: Apple +CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...) + NOT-FOR-US: Apple +CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...) + NOT-FOR-US: Apple +CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...) 
+ NOT-FOR-US: Apple +CVE-2021-30771 + RESERVED +CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...) + NOT-FOR-US: Apple +CVE-2021-30763 (An input validation issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...) + {DSA-4681-1} + - webkit2gtk 2.28.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.28.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...) + {DSA-4558-1} + - webkit2gtk 2.26.1-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.26.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...) + NOT-FOR-US: Apple +CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...) 
+ {DSA-4945-1} + - webkit2gtk 2.32.2-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.2-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...) + NOT-FOR-US: Apple +CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...) + NOT-FOR-US: Apple +CVE-2021-30754 + RESERVED +CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...) + NOT-FOR-US: Apple +CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...) + NOT-FOR-US: Apple +CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30747 + RESERVED +CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30745 + RESERVED +CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...) 
+ NOT-FOR-US: Apple +CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...) + NOT-FOR-US: Apple +CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...) + NOT-FOR-US: Apple +CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...) + NOT-FOR-US: Apple +CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...) + NOT-FOR-US: Apple +CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...) + NOT-FOR-US: Apple +CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30732 + RESERVED +CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30730 + RESERVED +CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...) 
+ NOT-FOR-US: Apple +CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...) + NOT-FOR-US: Apple +CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30711 + RESERVED +CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30709 (This issue was addressed with improved checks. 
This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...) + NOT-FOR-US: Apple +CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30699 (A window management issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...) + NOT-FOR-US: Apple +CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...) + NOT-FOR-US: Apple +CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...) 
+ NOT-FOR-US: Apple +CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...) + NOT-FOR-US: Apple +CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...) + NOT-FOR-US: Apple +CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4923-1} + - webkit2gtk 2.32.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.0-2 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...) + NOT-FOR-US: Apple +CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...) + NOT-FOR-US: Apple +CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30670 + RESERVED +CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-4558-1} + - webkit2gtk 2.26.1-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.26.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...) 
+ {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...) + {DSA-4797-1} + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...) + NOT-FOR-US: Apple +CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...) + NOT-FOR-US: Apple +CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...) + NOT-FOR-US: Apple +CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...) + NOT-FOR-US: Apple +CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30651 + RESERVED +CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) + NOT-FOR-US: Symantec +CVE-2021-30649 + RESERVED +CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...) 
+ NOT-FOR-US: Symantec +CVE-2021-30647 + RESERVED +CVE-2021-30646 + RESERVED +CVE-2021-30645 + RESERVED +CVE-2021-30644 + RESERVED +CVE-2021-30643 + RESERVED +CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...) + NOT-FOR-US: Symantec +CVE-2021-XXXX [out of bounds reads in ASF demuxer] + - gst-plugins-ugly1.0 1.18.4-2 + [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1 + [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master) + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4) +CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...) + {DSA-4903-1 DLA-2641-1} + - gst-plugins-base1.0 1.18.4-2 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master) + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4) + NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html +CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations] + - gst-plugins-bad1.0 1.18.4-2 + [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2 + [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch) +CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels] + - gst-libav1.0 1.18.4-2 + [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1 + [stretch] - gst-libav1.0 1.10.4-1+deb9u1 + NOTE: 
https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master) + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4) + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92 +CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...) + {DSA-4900-1} + [experimental] - gst-plugins-good1.0 1.18.4-1 + - gst-plugins-good1.0 1.18.4-2 (bug #986911) + [stretch] - gst-plugins-good1.0 <not-affected> (Vulnerable code introduced later) + NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0 + NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366 +CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...) + {DSA-4900-1 DLA-2640-1} + [experimental] - gst-plugins-good1.0 1.18.4-1 + - gst-plugins-good1.0 1.18.4-2 (bug #986910) + NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3 +CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...) + - jhead 1:3.04-6 (bug #986923; unimportant) + NOTE: https://github.com/Matthias-Wandel/jhead/issues/33 + NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0 + NOTE: Crash in CLI tool, no security impact +CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...) 
+ {DSA-4937-1 DLA-2706-1} + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238 + NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 +CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...) + {DSA-4952-1 DLA-2733-1} + - tomcat9 9.0.43-2 (bug #991046) + [bullseye] - tomcat9 9.0.43-2~deb11u1 + [buster] - tomcat9 9.0.31-1~deb10u6 + - tomcat8 <removed> + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224 + NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46) + NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66) + NOTE: 
https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66) + NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66) + NOTE: Fix for CVE-2021-30640 introduced a regression: + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 +CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...) + - tomcat9 <not-affected> (Vulnerable code introduced later in 9.0.44) + - tomcat8 <removed> + [stretch] - tomcat8 <not-affected> (Vulnerable code was introduced later) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203 + NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45) + NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65) +CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...) + NOT-FOR-US: Apache Tapestry +CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...) + NOT-FOR-US: htmly +CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...) + NOT-FOR-US: MediaTek LinkIt SDK +CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...) + NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2021-30634 + RESERVED +CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...) 
+ - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30631 + REJECTED +CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...) 
+ - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...) 
+ - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...) + - chromium 93.0.4577.82-1 + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...) + NOT-FOR-US: ChromeOS Readiness Tool installer on Windows +CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30595 + RESERVED +CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30570 + RESERVED +CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30558 + RESERVED +CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...) 
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) + - firefox 90.0-1 + - firefox-esr 78.12.0esr-1 + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547 +CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) + - icu 67.1-7 + [buster] - icu <not-affected> (Vulnerable code introduced later) + [stretch] - icu <not-affected> (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted) + NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb + NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864 + NOTE: Introduced by: https://github.com/unicode-org/icu/commit/596647c0c34bf19d90d7c90d4f3827876fef688f (release-66-preview) + NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d +CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...) 
+ - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium <end-of-life> (see DSA 5046) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...) 
+ {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...) + {DSA-4917-1} + - chromium 90.0.4430.212-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-30505 + RESERVED +CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...) + NOT-FOR-US: JetBrains +CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...) + NOT-FOR-US: GLSL Linting extension for Visual Studio Code +CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...) + NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code +CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...) + NOT-FOR-US: kiali-operator +CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...) 
+ - foreman <itp> (bug #663101) +CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...) + - linux 5.10.38-1 + [stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1 +CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...) + - upx-ucl <unfixed> (unimportant) + NOTE: https://github.com/upx/upx/issues/486 + NOTE: https://github.com/upx/upx/pull/487 + NOTE: https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46 +CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...) + - upx-ucl <unfixed> (unimportant) + NOTE: https://github.com/upx/upx/issues/485 + NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc +CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...) + - libcaca <unfixed> (bug #987278) + [bullseye] - libcaca <no-dsa> (Minor issue) + [buster] - libcaca <no-dsa> (Minor issue) + [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/cacalabs/libcaca/issues/54 +CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...) + - libcaca <unfixed> (bug #987278) + [bullseye] - libcaca <no-dsa> (Minor issue) + [buster] - libcaca <no-dsa> (Minor issue) + [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/cacalabs/libcaca/issues/53 +CVE-2021-30497 + RESERVED +CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...) + NOT-FOR-US: Telegram for iOS +CVE-2021-30495 + RESERVED +CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...) + NOT-FOR-US: Razer Synapse 3 software suite +CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...) 
+ NOT-FOR-US: Razer Synapse 3 software suite +CVE-2021-30492 + RESERVED +CVE-2021-30491 + RESERVED +CVE-2021-30490 + RESERVED +CVE-2021-30489 + RESERVED +CVE-2021-30488 + RESERVED +CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...) + - zulip-server <itp> (bug #800052) +CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...) + NOT-FOR-US: SysAid +CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/25 +CVE-2021-30484 + RESERVED +CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...) + NOT-FOR-US: isomorphic-git +CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...) + NOT-FOR-US: JetBrains +CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...) + NOT-FOR-US: Valve Steam + NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam + NOTE: is started, so nothing really to be updated there +CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...) 
+ - linux <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1 + NOTE: Debian does not include the (not yet upstream accepted) shiftfs +CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...) + - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13 + NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db +CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...) + - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11 +CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...) + - linux 5.10.38-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10 +CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...) + NOT-FOR-US: Zoom Chat +CVE-2021-3488 + RESERVED +CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) + - zulip-server <itp> (bug #800052) +CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) + - zulip-server <itp> (bug #800052) +CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...) + - zulip-server <itp> (bug #800052) +CVE-2021-30476 (HashiCorp Terraform’s Vault Provider (terraform-provider-vault) ...) + NOT-FOR-US: HashiCorp Terraform Vault Provider +CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...) 
+ - binutils 2.37-3 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24 + NOTE: binutils not covered by security support +CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...) + - glpi <removed> + NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS +CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...) + [experimental] - aom 3.2.0-1~exp1 + - aom 3.2.0-1 + NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0 + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999 +CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...) + [experimental] - aom 3.2.0-1~exp1 + - aom 3.2.0-1 + NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000 +CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...) + [experimental] - aom 3.2.0-1~exp1 + - aom 3.2.0-1 (bug #988211) + NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/ + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998 +CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...) + - libpodofo <unfixed> (bug #986794) + [bullseye] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <no-dsa> (Minor issue) + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) + NOTE: https://sourceforge.net/p/podofo/tickets/132/ +CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...) 
+ - libpodofo <unfixed> (bug #986793) + [bullseye] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <no-dsa> (Minor issue) + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) + NOTE: https://sourceforge.net/p/podofo/tickets/131/ +CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...) + - libpodofo <unfixed> (bug #986792) + [bullseye] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <no-dsa> (Minor issue) + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) + NOTE: https://sourceforge.net/p/podofo/tickets/130/ +CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...) + - libpodofo <unfixed> (bug #986791) + [bullseye] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <no-dsa> (Minor issue) + [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update) + NOTE: https://sourceforge.net/p/podofo/tickets/129/ +CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...) + NOT-FOR-US: Apache CXF +CVE-2021-30467 + RESERVED +CVE-2021-30466 + RESERVED +CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...) + - runc 1.0.0~rc93+ds1-5 (bug #988768) + [stretch] - runc <no-dsa> (Intrusive to backport fix) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2 + NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r + NOTE: Initial patch in -4, but revised patch was applied only in -5 +CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...) + NOT-FOR-US: OMICRON StationGuard +CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...) + NOT-FOR-US: VestaCP +CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...) 
+ NOT-FOR-US: VestaCP +CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...) + NOT-FOR-US: VoIPmonitor +CVE-2021-30460 + RESERVED +CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...) + NOT-FOR-US: Jazzband Django Debug Toolbar +CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...) + - mediawiki 1:1.35.2-1 + [buster] - mediawiki <not-affected> (Only applies to 1.35 and later) + [stretch] - mediawiki <not-affected> (Only applies to 1.35 and later) + NOTE: https://phabricator.wikimedia.org/T279451 +CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...) 
+ NOT-FOR-US: Rust crate outer_cgi +CVE-2021-30453 + RESERVED +CVE-2021-30452 + RESERVED +CVE-2021-30451 + RESERVED +CVE-2021-30450 + RESERVED +CVE-2021-30449 + RESERVED +CVE-2021-30448 + RESERVED +CVE-2021-30447 + RESERVED +CVE-2021-30446 + RESERVED +CVE-2021-30445 + RESERVED +CVE-2021-30444 + RESERVED +CVE-2021-30443 + RESERVED +CVE-2021-30442 + RESERVED +CVE-2021-30441 + RESERVED +CVE-2021-30440 + RESERVED +CVE-2021-30439 + RESERVED +CVE-2021-30438 + RESERVED +CVE-2021-30437 + RESERVED +CVE-2021-30436 + RESERVED +CVE-2021-30435 + RESERVED +CVE-2021-30434 + RESERVED +CVE-2021-30433 + RESERVED +CVE-2021-30432 + RESERVED +CVE-2021-30431 + RESERVED +CVE-2021-30430 + RESERVED +CVE-2021-30429 + RESERVED +CVE-2021-30428 + RESERVED +CVE-2021-30427 + RESERVED +CVE-2021-30426 + RESERVED +CVE-2021-30425 + RESERVED +CVE-2021-30424 + RESERVED +CVE-2021-30423 + RESERVED +CVE-2021-30422 + RESERVED +CVE-2021-30421 + RESERVED +CVE-2021-30420 + RESERVED +CVE-2021-30419 + RESERVED +CVE-2021-30418 + RESERVED +CVE-2021-30417 + RESERVED +CVE-2021-30416 + RESERVED +CVE-2021-30415 + RESERVED +CVE-2021-30414 + RESERVED +CVE-2021-30413 + RESERVED +CVE-2021-30412 + RESERVED +CVE-2021-30411 + RESERVED +CVE-2021-30410 + RESERVED +CVE-2021-30409 + RESERVED +CVE-2021-30408 + RESERVED +CVE-2021-30407 + RESERVED +CVE-2021-30406 + RESERVED +CVE-2021-30405 + RESERVED +CVE-2021-30404 + RESERVED +CVE-2021-30403 + RESERVED +CVE-2021-30402 + RESERVED +CVE-2021-30401 + RESERVED +CVE-2021-30400 + RESERVED +CVE-2021-30399 + RESERVED +CVE-2021-30398 + RESERVED +CVE-2021-30397 + RESERVED +CVE-2021-30396 + RESERVED +CVE-2021-30395 + RESERVED +CVE-2021-30394 + RESERVED +CVE-2021-30393 + RESERVED +CVE-2021-30392 + RESERVED +CVE-2021-30391 + RESERVED +CVE-2021-30390 + RESERVED +CVE-2021-30389 + RESERVED +CVE-2021-30388 + RESERVED +CVE-2021-30387 + RESERVED +CVE-2021-30386 + RESERVED +CVE-2021-30385 + RESERVED +CVE-2021-30384 + RESERVED +CVE-2021-30383 + RESERVED +CVE-2021-30382 + RESERVED +CVE-2021-30381 + 
RESERVED +CVE-2021-30380 + RESERVED +CVE-2021-30379 + RESERVED +CVE-2021-30378 + RESERVED +CVE-2021-30377 + RESERVED +CVE-2021-30376 + RESERVED +CVE-2021-30375 + RESERVED +CVE-2021-30374 + RESERVED +CVE-2021-30373 + RESERVED +CVE-2021-30372 + RESERVED +CVE-2021-30371 + RESERVED +CVE-2021-30370 + RESERVED +CVE-2021-30369 + RESERVED +CVE-2021-30368 + RESERVED +CVE-2021-30367 + RESERVED +CVE-2021-30366 + RESERVED +CVE-2021-30365 + RESERVED +CVE-2021-30364 + RESERVED +CVE-2021-30363 + RESERVED +CVE-2021-30362 + RESERVED +CVE-2021-30361 + RESERVED +CVE-2021-30360 (Users have access to the directory where the installation repair occur ...) + NOT-FOR-US: Check Point +CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...) + NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers +CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...) + NOT-FOR-US: Mobile Access Portal Native Applications +CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...) + NOT-FOR-US: SSL Network Extender Client +CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...) + NOT-FOR-US: Check Point Identity Agent +CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...) + NOT-FOR-US: Amazon Kindle e-reader +CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...) + NOT-FOR-US: Amazon Kindle e-reader +CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...) + NOT-FOR-US: Qualcomm +CVE-2021-30352 + RESERVED +CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30350 + RESERVED +CVE-2021-30349 + RESERVED +CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-30347 + RESERVED +CVE-2021-30346 + RESERVED +CVE-2021-30345 + RESERVED +CVE-2021-30344 + RESERVED +CVE-2021-30343 + RESERVED +CVE-2021-30342 + RESERVED +CVE-2021-30341 + RESERVED +CVE-2021-30340 + RESERVED +CVE-2021-30339 + RESERVED +CVE-2021-30338 + RESERVED +CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30334 + RESERVED +CVE-2021-30333 + RESERVED +CVE-2021-30332 + RESERVED +CVE-2021-30331 + RESERVED +CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...) + NOT-FOR-US: Qualcomm +CVE-2021-30329 + RESERVED +CVE-2021-30328 + RESERVED +CVE-2021-30327 + RESERVED +CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...) + NOT-FOR-US: Qualcomm +CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...) + NOT-FOR-US: Qualcomm +CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...) + NOT-FOR-US: Qualcomm +CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...) + NOT-FOR-US: Qualcomm +CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...) + NOT-FOR-US: Qualcomm +CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...) + NOT-FOR-US: Snapdragon +CVE-2021-30320 + RESERVED +CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...) + NOT-FOR-US: Qualcomm +CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...) + NOT-FOR-US: Qualcomm +CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...) + NOT-FOR-US: Snapdragon +CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...) + NOT-FOR-US: Snapdragon +CVE-2021-30314 (Lack of validation for third party application accessing the service c ...) + NOT-FOR-US: Qualcomm +CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...) + NOT-FOR-US: Qualcomm +CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...) + NOT-FOR-US: Qualcomm +CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...) + NOT-FOR-US: Qualcomm +CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...) + NOT-FOR-US: Qualcomm +CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...) + NOT-FOR-US: Qualcomm +CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...) + NOT-FOR-US: Snapdragon +CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...) + NOT-FOR-US: Qualcomm +CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...) + NOT-FOR-US: Qualcomm +CVE-2021-30299 + RESERVED +CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30296 + RESERVED +CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...) + NOT-FOR-US: Snapdragon +CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...) + NOT-FOR-US: Qualcomm +CVE-2021-30286 + RESERVED +CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30281 + RESERVED +CVE-2021-30280 + RESERVED +CVE-2021-30279 (Possible access control violation while setting current permission for ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30277 + RESERVED +CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...) + NOT-FOR-US: Android +CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30264 (Possible use after free due improper validation of reference from call ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30253 + RESERVED +CVE-2021-30252 + RESERVED +CVE-2021-30251 + RESERVED +CVE-2021-30250 + RESERVED +CVE-2021-30249 + RESERVED +CVE-2021-30248 + RESERVED +CVE-2021-30247 + RESERVED +CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...) + NOT-FOR-US: Node jsrasign +CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...) + NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631 +CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...) + NOT-FOR-US: Bitdefender +CVE-2021-30244 + RESERVED +CVE-2021-30243 + RESERVED +CVE-2021-30242 + RESERVED +CVE-2021-30241 + RESERVED +CVE-2021-30240 + RESERVED +CVE-2021-30239 + RESERVED +CVE-2021-30238 + RESERVED +CVE-2021-30237 + RESERVED +CVE-2021-30236 + RESERVED +CVE-2021-30235 + RESERVED +CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...) 
+ NOT-FOR-US: emlog +CVE-2021-30226 + RESERVED +CVE-2021-30225 + RESERVED +CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...) + NOT-FOR-US: Rukovoditel +CVE-2021-30223 + RESERVED +CVE-2021-30222 + RESERVED +CVE-2021-30221 + RESERVED +CVE-2021-30220 + RESERVED +CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...) + NOT-FOR-US: samurai +CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...) + NOT-FOR-US: samurai +CVE-2021-30217 + RESERVED +CVE-2021-30216 + REJECTED +CVE-2021-30215 + RESERVED +CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30210 + RESERVED +CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-30208 + RESERVED +CVE-2021-30207 + RESERVED +CVE-2021-30206 + RESERVED +CVE-2021-30205 + RESERVED +CVE-2021-30204 + RESERVED +CVE-2021-30203 + RESERVED +CVE-2021-30202 + RESERVED +CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...) + NOT-FOR-US: Kaseya +CVE-2021-30200 + RESERVED +CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...) 
+ - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca + NOTE: https://github.com/gpac/gpac/issues/1728 +CVE-2021-30198 + RESERVED +CVE-2021-30197 + RESERVED +CVE-2021-30196 + RESERVED +CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...) + NOT-FOR-US: CODESYS +CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...) + NOT-FOR-US: CODESYS +CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...) + NOT-FOR-US: CODESYS +CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...) + NOT-FOR-US: CODESYS +CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...) + NOT-FOR-US: CODESYS +CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...) + NOT-FOR-US: CODESYS +CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...) + NOT-FOR-US: CODESYS +CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...) + NOT-FOR-US: CODESYS +CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...) + NOT-FOR-US: CODESYS +CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...) + NOT-FOR-US: CODESYS +CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) + NOT-FOR-US: CERN Indico +CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) 
+ - gnuchess <unfixed> (bug #986801) + [bullseye] - gnuchess <no-dsa> (Minor issue) + [buster] - gnuchess <no-dsa> (Minor issue) + [stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed in next update) + NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html + NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html +CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...) + NOT-FOR-US: Octopus Server +CVE-2021-30182 + RESERVED +CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-3484 + RESERVED +CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf +CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) + - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 +CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...) + NOT-FOR-US: PHP-Nuke +CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...) + NOT-FOR-US: ZEROF Expert +CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...) + NOT-FOR-US: ZEROF Web Server +CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...) + NOT-FOR-US: RiyaLab CloudISO +CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...) 
+ NOT-FOR-US: omni-directional communication system +CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...) + NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system +CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users̵ ...) + NOT-FOR-US: ERP POS +CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...) + NOT-FOR-US: ERP POS +CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...) + NOT-FOR-US: LILIN +CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...) + NOT-FOR-US: LILIN +CVE-2021-30167 (The manage users profile services of the network camera device allows ...) + NOT-FOR-US: LILIN +CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...) + NOT-FOR-US: LILIN +CVE-2021-30165 (The default administrator account & password of the EDIMAX wireles ...) + NOT-FOR-US: EDIMAX +CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) + {DLA-2658-1} + - redmine <unfixed> (bug #986800) + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975 +CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) + {DLA-2658-1} + - redmine <unfixed> (bug #986800) + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819 +CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) + NOT-FOR-US: LG mobile devices +CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) 
+ NOT-FOR-US: LG mobile devices +CVE-2021-26948 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/410 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 + NOTE: Crash in CLI tool, no security impact +CVE-2021-26259 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/417 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5 + NOTE: Crash in CLI tool, no security impact +CVE-2021-26252 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/412 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2021-23206 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/416 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8 + NOTE: Crash in CLI tool, no security impact +CVE-2021-23191 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/415 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2021-23180 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/418 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a + NOTE: Crash in CLI tool, no security impact +CVE-2021-23165 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (bug #989437) + NOTE: 
https://github.com/michaelrsweet/htmldoc/issues/413 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f +CVE-2021-23158 + RESERVED + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/414 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2021-30160 + RESERVED +CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T272386 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T277009 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546 +CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1} + - mediawiki 1:1.35.2-1 + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T278058 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085 +CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + - mediawiki <not-affected> (Not a security issue on release branches, only affected master) + NOTE: https://phabricator.wikimedia.org/T276306 + NOTE: CVE description is wrong +CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T270988 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) 
+ {DSA-4889-1} + - mediawiki 1:1.35.2-1 + [stretch] - mediawiki <not-affected> (Vulnerable code introduced later) + NOTE: https://phabricator.wikimedia.org/T278014 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/ +CVE-2021-30153 + RESERVED + - mediawiki 1:1.35.2-1 + [buster] - mediawiki <not-affected> (Vulnerable code not present) + [stretch] - mediawiki <not-affected> (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T270453 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T270713 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...) + - ruby-sidekiq <unfixed> (bug #987354) + [bullseye] - ruby-sidekiq <no-dsa> (Minor issue) + [buster] - ruby-sidekiq <no-dsa> (Minor issue) + [stretch] - ruby-sidekiq <no-dsa> (Minor issue) + NOTE: https://github.com/mperham/sidekiq/issues/4852 + NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8 +CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...) + NOT-FOR-US: Composr +CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...) + NOT-FOR-US: Composr +CVE-2021-30148 + RESERVED +CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...) + NOT-FOR-US: DMA Softlab Radius Manager +CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...) + - seafile-client <unfixed> (bug #987282) + [bullseye] - seafile-client <no-dsa> (Minor issue) + [buster] - seafile-client <no-dsa> (Minor issue) + NOTE: https://github.com/Security-AVS/CVE-2021-30146 +CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...) 
+ - mpv 0.32.0-3 (bug #986839) + [buster] - mpv <no-dsa> (Minor issue) + [stretch] - mpv <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b +CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) + NOT-FOR-US: GLPI plugin +CVE-2021-30143 + RESERVED +CVE-2021-30142 + RESERVED +CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...) + NOT-FOR-US: Friendica +CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...) + NOT-FOR-US: LiquidFiles +CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...) + NOT-FOR-US: Alpine Linux apk-tools +CVE-2021-30138 + REJECTED +CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...) + NOT-FOR-US: Axios Assyst +CVE-2021-30136 + RESERVED +CVE-2021-30135 + RESERVED +CVE-2021-30134 + RESERVED +CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...) + NOT-FOR-US: CloverDX +CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...) + NOT-FOR-US: Cloudera Manager +CVE-2021-30131 + RESERVED +CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) 
+ - phpseclib 1.0.19-3 + [stretch] - phpseclib <not-affected> (Only affects 3.x branch) + - php-phpseclib 2.0.30-2 + [stretch] - php-phpseclib <not-affected> (Only affects 3.x branch) + - php-phpseclib3 3.0.7-1 + NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890 + NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1) + NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change) + NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5 + NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but + NOTE: this is not considered as a security problem. +CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...) + NOT-FOR-US: Apache Mina SSHD +CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...) + NOT-FOR-US: Apache OFBiz +CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...) + NOT-FOR-US: Terramaster +CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...) + NOT-FOR-US: Lightmeter ControlCenter +CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...) + NOT-FOR-US: Jamf Pro +CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...) + NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code +CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec ...) 
+ - ffmpeg <not-affected> (Only affects 4.4 development branches) + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + NOTE: https://trac.ffmpeg.org/ticket/8845 + NOTE: https://trac.ffmpeg.org/ticket/8863 + NOTE: CVE description is wrong, this landed in 4.4 only + NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 +CVE-2021-30122 + RESERVED +CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA < v9.5.6 ...) + NOT-FOR-US: Kaseya +CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...) + NOT-FOR-US: Kaseya +CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...) + NOT-FOR-US: Kaseya +CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...) + NOT-FOR-US: Kaseya +CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...) + NOT-FOR-US: Kaseya +CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...) + NOT-FOR-US: Kaseya +CVE-2021-30115 + RESERVED +CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...) + NOT-FOR-US: Greyware +CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...) + NOT-FOR-US: Froala Editor +CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...) 
+ NOT-FOR-US: Feehi CMS +CVE-2021-30107 + RESERVED +CVE-2021-30106 + RESERVED +CVE-2021-30105 + RESERVED +CVE-2021-30104 + RESERVED +CVE-2021-30103 + RESERVED +CVE-2021-30102 + RESERVED +CVE-2021-30101 + RESERVED +CVE-2021-30100 + RESERVED +CVE-2021-30099 + RESERVED +CVE-2021-30098 + RESERVED +CVE-2021-30097 + RESERVED +CVE-2021-30096 + RESERVED +CVE-2021-30095 + RESERVED +CVE-2021-30094 + RESERVED +CVE-2021-30093 + RESERVED +CVE-2021-30092 + RESERVED +CVE-2021-30091 + RESERVED +CVE-2021-30090 + RESERVED +CVE-2021-30089 + RESERVED +CVE-2021-30088 + RESERVED +CVE-2021-30087 + RESERVED +CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...) + NOT-FOR-US: KindEditor +CVE-2021-30085 + RESERVED +CVE-2021-30084 + RESERVED +CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...) + NOT-FOR-US: Mediat +CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...) + NOT-FOR-US: Gris CMS +CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...) + NOT-FOR-US: emlog +CVE-2021-30080 + RESERVED +CVE-2021-30079 + RESERVED +CVE-2021-30078 + RESERVED +CVE-2021-30077 + RESERVED +CVE-2021-30076 + RESERVED +CVE-2021-30075 + RESERVED +CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...) + NOT-FOR-US: docsify +CVE-2021-30073 + RESERVED +CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...) + NOT-FOR-US: D-Link +CVE-2021-30071 + RESERVED +CVE-2021-30070 + RESERVED +CVE-2021-30069 + RESERVED +CVE-2021-30068 + RESERVED +CVE-2021-30067 + RESERVED +CVE-2021-30066 + RESERVED +CVE-2021-30065 + RESERVED +CVE-2021-30064 + RESERVED +CVE-2021-30063 + RESERVED +CVE-2021-30062 + RESERVED +CVE-2021-30061 + RESERVED +CVE-2021-30060 + RESERVED +CVE-2021-30059 + RESERVED +CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...) 
+ NOT-FOR-US: Knowage Suite +CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30054 + RESERVED +CVE-2021-30053 + RESERVED +CVE-2021-30052 + RESERVED +CVE-2021-30051 + RESERVED +CVE-2021-30050 + RESERVED +CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...) + NOT-FOR-US: SysAid +CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...) + NOT-FOR-US: Novel-plus +CVE-2021-30047 + RESERVED +CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) + NOT-FOR-US: VIGRA Computer Vision Library +CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) + NOT-FOR-US: SerenityOS +CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30043 + RESERVED +CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30041 + RESERVED +CVE-2021-30040 + RESERVED +CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30038 + RESERVED +CVE-2021-30037 + RESERVED +CVE-2021-30036 + RESERVED +CVE-2021-30035 + RESERVED +CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30033 + RESERVED +CVE-2021-30032 + RESERVED +CVE-2021-30031 + REJECTED +CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...) 
+ NOT-FOR-US: Remote Clinic +CVE-2021-30029 + RESERVED +CVE-2021-30028 + RESERVED +CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...) + - md4c 0.4.7-2 (bug #987799) + NOTE: https://github.com/mity/md4c/issues/155 + NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19 +CVE-2021-30026 + RESERVED +CVE-2021-30025 + RESERVED +CVE-2021-30024 + RESERVED +CVE-2021-30023 + RESERVED +CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1720 +CVE-2021-30021 + RESERVED +CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1722 +CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc + NOTE: https://github.com/gpac/gpac/issues/1723 +CVE-2021-30018 + RESERVED +CVE-2021-30017 + RESERVED +CVE-2021-30016 + RESERVED +CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...) 
+ - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec + NOTE: https://github.com/gpac/gpac/issues/1719 +CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1721 +CVE-2021-30013 + RESERVED +CVE-2021-30012 + RESERVED +CVE-2021-30011 + RESERVED +CVE-2021-30010 + RESERVED +CVE-2021-30009 + RESERVED +CVE-2021-30008 + RESERVED +CVE-2021-30007 + RESERVED +CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...) + - intellij-idea <itp> (bug #747616) +CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...) + NOT-FOR-US: JetBrains +CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...) + - wpa <unfixed> (unimportant) + NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 + NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal) + NOTE: but Debian builds with CONFIG_TLS=openssl +CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...) + NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices +CVE-2021-30001 + RESERVED +CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...) + NOT-FOR-US: LATRIX +CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...) 
+ NOT-FOR-US: Wind River VxWorks +CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...) + NOT-FOR-US: Wind River VxWorks +CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...) + NOT-FOR-US: Helix ALM +CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...) + NOT-FOR-US: marktext +CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...) + NOT-FOR-US: CloverDX +CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS. ...) + NOT-FOR-US: Cloudera Hue +CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...) + - firefox <not-affected> (Specific to Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993 +CVE-2021-29992 + RESERVED +CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...) + - firefox 91.0.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991 +CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...) + - firefox 91.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990 +CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989 +CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...) 
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988 +CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...) + - firefox 91.0-1 + - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987 +CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986 +CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985 +CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...) 
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984 +CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983 +CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...) + - firefox 91.0-1 + - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982 +CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...) + - firefox 91.0-1 + - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981 +CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980 +CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...) 
+ NOT-FOR-US: Hubs Cloud +CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...) + NOT-FOR-US: Mozilla VPN +CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977 +CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...) + {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} + - firefox 90.0-1 + - firefox-esr 78.12.0esr-1 + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976 +CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975 +CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974 +CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973 +CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972 +CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971 +CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...) 
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} + - firefox 90.0-1 + - firefox-esr 78.12.0esr-1 + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970 +CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...) + {DSA-4940-1 DLA-2711-1} + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969 +CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...) + - firefox <not-affected> (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968 +CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...) + {DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1} + - firefox-esr 78.11.0esr-1 + - firefox 89.0-1 + - thunderbird 1:78.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967 +CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...) + - firefox 89.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966 +CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...) + - firefox <not-affected> (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965 +CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...) 
+ - firefox-esr <not-affected> (Only affects Windows) + - firefox <not-affected> (Only affects Windows) + - thunderbird <not-affected> (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964 +CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...) + - firefox <not-affected> (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963 +CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...) + - firefox <not-affected> (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962 +CVE-2021-29961 (When styling and rendering an oversized `<select>` element, Fire ...) + - firefox 89.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961 +CVE-2021-29960 (Firefox used to cache the last filename used for printing a file. When ...) + - firefox 89.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960 +CVE-2021-29959 (When a user has already allowed a website to access microphone and cam ...) + - firefox 89.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959 +CVE-2021-29958 (When a download was initiated, the client did not check whether it was ...) + - firefox <not-affected> (Only affects Firefox for iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958 +CVE-2021-29957 (If a MIME encoded email contains an OpenPGP inline signed or encrypted ...) 
+ {DSA-4927-1 DLA-2679-1} + - thunderbird 1:78.10.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957 +CVE-2021-29956 (OpenPGP secret keys that were imported using Thunderbird version 78.8. ...) + {DSA-4927-1 DLA-2679-1} + - thunderbird 1:78.10.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956 +CVE-2021-29955 (A transient execution vulnerability, named Floating Point Value Inject ...) + {DSA-4874-1 DLA-2607-1} + - firefox 87.0-1 + - firefox-esr 78.9.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955 +CVE-2021-29954 (Proxy functionality built into Hubs Cloud’s Reticulum software a ...) + NOT-FOR-US: Hubs Cloud +CVE-2021-29953 (A malicious webpage could have forced a Firefox for Android user into ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953 +CVE-2021-29952 (When Web Render components were destructed, a race condition could hav ...) + - firefox 88.0.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952 +CVE-2021-29951 (The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ...) + - firefox-esr <not-affected> (Only affects Windows) + - thunderbird <not-affected> (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/#CVE-2021-29951 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/#CVE-2021-29951 +CVE-2021-29950 (Thunderbird unprotects a secret OpenPGP key prior to using it for a de ...) + {DSA-4876-1 DLA-2609-1} + - thunderbird 1:78.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950 +CVE-2021-29949 (When loading the shared library that provides the OTR protocol impleme ...) 
+ {DSA-4897-1 DLA-2632-1} + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949 +CVE-2021-29948 (Signatures are written to disk before and read during verification, wh ...) + {DSA-4897-1 DLA-2632-1} + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948 +CVE-2021-29947 (Mozilla developers and community members reported memory safety bugs p ...) + - firefox 88.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947 +CVE-2021-29946 (Ports that were written as an integer overflow above the bounds of a 1 ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946 +CVE-2021-29945 (The WebAssembly JIT could miscalculate the size of a return type, whic ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945 +CVE-2021-29944 (Lack of escaping allowed HTML injection when a webpage was viewed in R ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944 +CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...) 
+ {DLA-2689-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899 +CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...) + {DSA-4958-1 DLA-2750-1} + - exiv2 0.27.5-1 (bug #986888) + [bullseye] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/1522 + NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da + NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a +CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file] + RESERVED + {DLA-2895-1 DLA-2885-1} + - qtsvg-opensource-src 5.15.2-3 (bug #986798) + [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) + - qt4-x11 <removed> + [buster] - qt4-x11 <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444 + NOTE: https://bugreports.qt.io/browse/QTBUG-91507 + NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev) + NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a (qt/qtsvg/6.0) + NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48 (qt/qtsvg/6.1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668 + NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587 +CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...) + - lucene-solr <not-affected> (Vulnerable functionality not yet present) +CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) + NOT-FOR-US: reorder crate +CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...) 
+ NOT-FOR-US: reorder crate +CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...) + NOT-FOR-US: Rust crate through +CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...) + - rust-stackvector 1.0.6-3 (bug #986808) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html +CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...) + NOT-FOR-US: Rust crate slice-deque +CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for ...) + NOT-FOR-US: Rust crate telemetry +CVE-2021-29936 (An issue was discovered in the adtensor crate through 2021-01-11 for R ...) + NOT-FOR-US: Rust crate adtensor +CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for Rust. uri ...) + NOT-FOR-US: Rust crate rocket +CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate before 0.0 ...) + NOT-FOR-US: Rust crate uu_od +CVE-2021-29933 (An issue was discovered in the insert_many crate through 2021-01-26 fo ...) + NOT-FOR-US: Rust crate insert_many +CVE-2021-29932 (An issue was discovered in the parse_duration crate through 2021-03-18 ...) + NOT-FOR-US: Rust crate parse_duration +CVE-2021-29931 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) + NOT-FOR-US: Rust crate arenavec +CVE-2021-29930 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...) + NOT-FOR-US: Rust crate arenavec +CVE-2021-29929 (An issue was discovered in the endian_trait crate through 2021-01-04 f ...) + NOT-FOR-US: Rust crate endian_trait +CVE-2021-29928 + RESERVED +CVE-2021-29927 + RESERVED +CVE-2021-29926 + RESERVED +CVE-2021-29925 + RESERVED +CVE-2021-29924 + RESERVED +CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero characters a ...) 
+ - golang-1.16 <unfixed> + - golang-1.15 <unfixed> + - golang-1.11 <removed> + - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility) + - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility) + NOTE: https://github.com/golang/go/issues/30999 + NOTE: https://github.com/golang/go/issues/43389 + NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md + NOTE: https://go-review.googlesource.com/c/go/+/325829/ +CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...) + - rustc 1.53.0+dfsg1-1 + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <ignored> (Minor issue. Patch can be backported, but risky.) + NOTE: https://github.com/rust-lang/rust/issues/83648 + NOTE: https://github.com/rust-lang/rust/pull/83652 + NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md + NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30 +CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero ...) 
+ [experimental] - python3.9 3.9.5-1 + - python3.9 3.9.7-1 (bug #989195) + [bullseye] - python3.9 <no-dsa> (Minor issue) + NOTE: https://bugs.python.org/issue36384#msg392423 + NOTE: https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc (v3.10.0b1) + NOTE: https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04 (v3.9.5) + NOTE: Introduced by: https://github.com/python/cpython/commit/e653d4d8e820a7a004ad399530af0135b45db27a (v3.8.0a4) +CVE-2021-29920 + RESERVED +CVE-2021-29919 + RESERVED +CVE-2021-29918 + RESERVED +CVE-2021-29917 + RESERVED +CVE-2021-29916 + RESERVED +CVE-2021-29915 + RESERVED +CVE-2021-29914 + RESERVED +CVE-2021-29913 + RESERVED +CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2021-29911 + RESERVED +CVE-2021-29910 + RESERVED +CVE-2021-29909 + RESERVED +CVE-2021-29908 (The IBM TS7700 Management Interface is vulnerable to unauthenticated a ...) + NOT-FOR-US: IBM +CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated use ...) + NOT-FOR-US: IBM +CVE-2021-29906 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 ...) + NOT-FOR-US: IBM +CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29903 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 i ...) + NOT-FOR-US: IBM +CVE-2021-29902 + RESERVED +CVE-2021-29901 + RESERVED +CVE-2021-29900 + RESERVED +CVE-2021-29899 + RESERVED +CVE-2021-29898 + RESERVED +CVE-2021-29897 + RESERVED +CVE-2021-29896 + RESERVED +CVE-2021-29895 + RESERVED +CVE-2021-29894 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...) 
+ NOT-FOR-US: IBM +CVE-2021-29893 + RESERVED +CVE-2021-29892 + RESERVED +CVE-2021-29891 + RESERVED +CVE-2021-29890 + RESERVED +CVE-2021-29889 + RESERVED +CVE-2021-29888 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) + NOT-FOR-US: IBM +CVE-2021-29887 + RESERVED +CVE-2021-29886 + RESERVED +CVE-2021-29885 + RESERVED +CVE-2021-29884 + RESERVED +CVE-2021-29883 (IBM Standards Processing Engine (IBM Transformation Extender Advanced ...) + NOT-FOR-US: IBM +CVE-2021-29882 + RESERVED +CVE-2021-29881 + RESERVED +CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or mult ...) + NOT-FOR-US: IBM +CVE-2021-29879 + RESERVED +CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...) + NOT-FOR-US: IBM +CVE-2021-29877 + RESERVED +CVE-2021-29876 + RESERVED +CVE-2021-29875 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...) + NOT-FOR-US: IBM +CVE-2021-29874 + RESERVED +CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...) + NOT-FOR-US: IBM +CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...) + NOT-FOR-US: IBM +CVE-2021-29871 + RESERVED +CVE-2021-29870 + RESERVED +CVE-2021-29869 + RESERVED +CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...) + NOT-FOR-US: IBM +CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to ...) + NOT-FOR-US: IBM +CVE-2021-29866 + RESERVED +CVE-2021-29865 + RESERVED +CVE-2021-29864 + RESERVED +CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...) + NOT-FOR-US: IBM +CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) 
+ NOT-FOR-US: IBM +CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2021-29859 + RESERVED +CVE-2021-29858 + RESERVED +CVE-2021-29857 + RESERVED +CVE-2021-29856 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre ...) + NOT-FOR-US: IBM +CVE-2021-29855 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) + NOT-FOR-US: IBM +CVE-2021-29854 + RESERVED +CVE-2021-29853 (IBM Planning Analytics 2.0 could expose information that could be used ...) + NOT-FOR-US: IBM +CVE-2021-29852 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) + NOT-FOR-US: IBM +CVE-2021-29850 + RESERVED +CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) + NOT-FOR-US: IBM +CVE-2021-29848 + RESERVED +CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...) + NOT-FOR-US: IBM +CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...) + NOT-FOR-US: IBM +CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...) + NOT-FOR-US: IBM +CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...) + NOT-FOR-US: IBM +CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...) + NOT-FOR-US: IBM +CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...) + NOT-FOR-US: IBM +CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2021-29840 + RESERVED +CVE-2021-29839 + RESERVED +CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...) + NOT-FOR-US: IBM +CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...) 
+ NOT-FOR-US: IBM +CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...) + NOT-FOR-US: IBM +CVE-2021-29835 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...) + NOT-FOR-US: IBM +CVE-2021-29834 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...) + NOT-FOR-US: IBM +CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29830 + RESERVED +CVE-2021-29829 + RESERVED +CVE-2021-29828 + RESERVED +CVE-2021-29827 + RESERVED +CVE-2021-29826 + RESERVED +CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...) + NOT-FOR-US: IBM +CVE-2021-29824 + RESERVED +CVE-2021-29823 + RESERVED +CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2021-29821 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29820 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29819 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) 
+ NOT-FOR-US: IBM +CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...) + NOT-FOR-US: IBM +CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29807 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29806 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...) + NOT-FOR-US: IBM +CVE-2021-29805 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) + NOT-FOR-US: IBM +CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) + NOT-FOR-US: IBM +CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) + NOT-FOR-US: IBM +CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level that is h ...) + NOT-FOR-US: IBM +CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...) + NOT-FOR-US: IBM +CVE-2021-29799 + RESERVED +CVE-2021-29798 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 i ...) + NOT-FOR-US: IBM +CVE-2021-29797 + RESERVED +CVE-2021-29796 + RESERVED +CVE-2021-29795 (IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a lo ...) + NOT-FOR-US: IBM +CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...) 
+ NOT-FOR-US: IBM +CVE-2021-29793 + RESERVED +CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA ...) + NOT-FOR-US: IBM +CVE-2021-29791 + RESERVED +CVE-2021-29790 + RESERVED +CVE-2021-29789 + RESERVED +CVE-2021-29788 + RESERVED +CVE-2021-29787 + RESERVED +CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...) + NOT-FOR-US: IBM +CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to obtain s ...) + NOT-FOR-US: IBM +CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2021-29783 + RESERVED +CVE-2021-29782 + RESERVED +CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker to ex ...) + NOT-FOR-US: IBM +CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...) + NOT-FOR-US: IBM +CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...) + NOT-FOR-US: IBM +CVE-2021-29778 + RESERVED +CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-29776 + RESERVED +CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...) + NOT-FOR-US: IBM +CVE-2021-29774 (IBM Jazz Team Server products could allow an authenticated user to obt ...) + NOT-FOR-US: IBM +CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...) + NOT-FOR-US: IBM +CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...) + NOT-FOR-US: IBM +CVE-2021-29771 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) + NOT-FOR-US: IBM +CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) 
+ NOT-FOR-US: IBM +CVE-2021-29768 + RESERVED +CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...) + NOT-FOR-US: IBM +CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) + NOT-FOR-US: IBM +CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...) + NOT-FOR-US: IBM +CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...) + NOT-FOR-US: IBM +CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2021-29762 + RESERVED +CVE-2021-29761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) + NOT-FOR-US: IBM +CVE-2021-29760 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) + NOT-FOR-US: IBM +CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 ...) + NOT-FOR-US: IBM +CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) + NOT-FOR-US: IBM +CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...) + NOT-FOR-US: IBM +CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...) + NOT-FOR-US: IBM +CVE-2021-29755 + RESERVED +CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...) + NOT-FOR-US: IBM +CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...) + NOT-FOR-US: IBM +CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...) + NOT-FOR-US: IBM +CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...) + NOT-FOR-US: IBM +CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...) 
+ NOT-FOR-US: IBM +CVE-2021-29748 + RESERVED +CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2021-29746 + RESERVED +CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...) + NOT-FOR-US: IBM +CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM +CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...) + NOT-FOR-US: IBM +CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...) + NOT-FOR-US: IBM +CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) + NOT-FOR-US: IBM +CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...) + NOT-FOR-US: IBM +CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...) + NOT-FOR-US: IBM +CVE-2021-29738 (IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 1 ...) + NOT-FOR-US: IBM +CVE-2021-29737 (IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information S ...) + NOT-FOR-US: IBM +CVE-2021-29736 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + NOT-FOR-US: IBM +CVE-2021-29735 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulner ...) + NOT-FOR-US: IBM +CVE-2021-29734 + RESERVED +CVE-2021-29733 + RESERVED +CVE-2021-29732 + RESERVED +CVE-2021-29731 + RESERVED +CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...) + NOT-FOR-US: IBM +CVE-2021-29729 + RESERVED +CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains ...) + NOT-FOR-US: IBM +CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) + NOT-FOR-US: IBM +CVE-2021-29726 + RESERVED +CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...) 
+ NOT-FOR-US: IBM +CVE-2021-29724 + RESERVED +CVE-2021-29723 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...) + NOT-FOR-US: IBM +CVE-2021-29722 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...) + NOT-FOR-US: IBM +CVE-2021-29721 + RESERVED +CVE-2021-29720 + RESERVED +CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client s ...) + NOT-FOR-US: IBM +CVE-2021-29718 + RESERVED +CVE-2021-29717 + RESERVED +CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to ...) + NOT-FOR-US: IBM +CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to ...) + NOT-FOR-US: IBM +CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...) + NOT-FOR-US: IBM +CVE-2021-29713 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM +CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...) + NOT-FOR-US: IBM +CVE-2021-29710 + RESERVED +CVE-2021-29709 + RESERVED +CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...) + NOT-FOR-US: IBM +CVE-2021-29707 (IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could ...) + NOT-FOR-US: IBM +CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...) + NOT-FOR-US: IBM +CVE-2021-29705 + RESERVED +CVE-2021-29704 (IBM Security SOAR uses weaker than expected cryptographic algorithms t ...) + NOT-FOR-US: IBM +CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...) + NOT-FOR-US: IBM +CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...) + NOT-FOR-US: IBM +CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as I ...) 
+ NOT-FOR-US: IBM +CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...) + NOT-FOR-US: IBM +CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...) + NOT-FOR-US: IBM +CVE-2021-29698 + RESERVED +CVE-2021-29697 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) + NOT-FOR-US: IBM +CVE-2021-29696 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) + NOT-FOR-US: IBM +CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...) + NOT-FOR-US: IBM +CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...) + NOT-FOR-US: IBM +CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + NOT-FOR-US: IBM +CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...) + NOT-FOR-US: IBM +CVE-2021-29690 + RESERVED +CVE-2021-29689 + RESERVED +CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + NOT-FOR-US: IBM +CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...) + NOT-FOR-US: IBM +CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...) + NOT-FOR-US: IBM +CVE-2021-29685 + RESERVED +CVE-2021-29684 + RESERVED +CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...) + NOT-FOR-US: IBM +CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...) + NOT-FOR-US: IBM +CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...) + NOT-FOR-US: IBM +CVE-2021-29680 + RESERVED +CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...) 
+ NOT-FOR-US: IBM +CVE-2021-29678 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...) + NOT-FOR-US: IBM +CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...) + NOT-FOR-US: IBM +CVE-2021-29675 + RESERVED +CVE-2021-29674 + RESERVED +CVE-2021-29673 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM +CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...) + NOT-FOR-US: IBM +CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-29669 + RESERVED +CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...) + NOT-FOR-US: IBM +CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...) + NOT-FOR-US: IBM +CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...) + NOT-FOR-US: IBM +CVE-2021-29664 + RESERVED +CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...) + NOT-FOR-US: CourseMS (aka Course Registration Management System) +CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.htm ...) + NOT-FOR-US: Softing AG OPC Toolbox +CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...) + NOT-FOR-US: Softing AG OPC Toolbox +CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...) + - owncloud <removed> +CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...) 
+ NOT-FOR-US: vscode-rufo extension for Visual Studio Code +CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use ...) + - linux 5.10.28-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134 + NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html +CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...) + NOT-FOR-US: Pexip Infinity Connect +CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...) + NOT-FOR-US: Pexip Infinity Connect +CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...) + NOT-FOR-US: AjaxSearchPro +CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...) + NOT-FOR-US: HashiCorp Vault and Vault Enterprise +CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...) + NOT-FOR-US: Pomerium +CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...) + NOT-FOR-US: Pomerium +CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1 +CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...) + - linux 5.10.28-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/f60a85cad677c4f9bb4cadd764f1d106c38c7cf8 +CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...) 
+ - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef +CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160 +CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...) + - linux 5.10.28-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb +CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...) + - slapi-nis 0.56.5-2 (bug #988736) + [bullseye] - slapi-nis <no-dsa> (Minor issue) + [buster] - slapi-nis <no-dsa> (Minor issue) + [stretch] - slapi-nis <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640 + NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master +CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...) + {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830 +CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...) 
+ {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a (master) + NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5) +CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...) + {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1 + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) +CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...) + NOT-FOR-US: Hitachi +CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...) + NOT-FOR-US: Hitachi +CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...) + NOT-FOR-US: GistPad +CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...) 
+ NOT-FOR-US: Directus +CVE-2021-29640 + RESERVED +CVE-2021-29639 + RESERVED +CVE-2021-29638 + RESERVED +CVE-2021-29637 + RESERVED +CVE-2021-29636 + RESERVED +CVE-2021-29635 + RESERVED +CVE-2021-29634 + RESERVED +CVE-2021-29633 + RESERVED +CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...) + - kfreebsd-10 <unfixed> (unimportant) + NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc +CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...) + NOT-FOR-US: FreeBSD +CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...) + NOT-FOR-US: FreeBSD +CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...) + - dacs <removed> (bug #989288; unimportant) + [stretch] - dacs <not-affected> (Vulnerable module first bundled in 1.4.40) + NOTE: RADIUS authentication not enabled in Debian packaging. +CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...) + NOT-FOR-US: FreeBSD +CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...) + NOT-FOR-US: FreeBSD +CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...) + - kfreebsd-10 <unfixed> (unimportant) +CVE-2021-29625 (Adminer is open-source database management software. A cross-site scri ...) + - adminer 4.7.9-2 (bug #988886) + [buster] - adminer <no-dsa> (Minor issue) + [stretch] - adminer <no-dsa> (Minor issue) + NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc + NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7 +CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...) + NOT-FOR-US: fastify-csrf +CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) 
+ - exiv2 0.27.5-1 (bug #988481) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v + NOTE: https://github.com/Exiv2/exiv2/pull/1627 +CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...) + - prometheus <not-affected> (Vulnerable code disabled in Debian packaging) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/1 + NOTE: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 + NOTE: "Fixed" because the 2.15.2+ds-1 upload disabled codewise the functionality + NOTE: (due to lack of React support in Debian) in 01-Do_not_embed_blobs.patch. + NOTE: The vulnerability itself is introduced with 2.23.0 upstream. + NOTE: See https://bugs.debian.org/988804 for details. +CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...) + - flask-appbuilder <itp> (bug #998029) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89 + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 (v3.3.0) +CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...) + NOT-FOR-US: Report portal +CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29617 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29616 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29615 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29614 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29613 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29612 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29611 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29610 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29609 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29608 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29607 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29606 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29605 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29604 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29603 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29602 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29601 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29600 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29599 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29598 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29597 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29596 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29595 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29594 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29593 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29592 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29591 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29590 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29589 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29588 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29587 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29586 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29585 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29584 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29583 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29582 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29581 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29580 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29579 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29578 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29577 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29576 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29575 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29574 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29573 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29572 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29571 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29570 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29569 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29568 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29567 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29566 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29565 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29564 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29563 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29562 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29561 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29560 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29559 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29558 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29557 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29556 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29555 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29554 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29553 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29552 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29551 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29550 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29549 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29548 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29547 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29546 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29545 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29544 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29543 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29542 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29541 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29540 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29539 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29538 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29537 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29536 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29535 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29534 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29533 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29532 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29531 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29530 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29529 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29528 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29527 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29526 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29525 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow <itp> (bug #804612) +CVE-2021-29524 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29523 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29522 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29521 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29520 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29519 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29518 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29517 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29516 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29515 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29514 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29513 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow <itp> (bug #804612) +CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...) + NOT-FOR-US: Rust crate evm +CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...) 
+ - pydantic 1.7.4-1 (bug #988480) + NOTE: https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh + NOTE: https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468 +CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...) + - puma 4.3.8-1 (bug #989054) + [stretch] - puma <not-affected> (Incomplete fix for CVE-2019-16770 not applied) + NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5 + NOTE: https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf + NOTE: CVE is related to an incomplete fix for CVE-2019-16770 +CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...) + NOT-FOR-US: Wire +CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...) + - dlt-daemon <unfixed> (unimportant) + NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only) + NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4 + NOTE: No security impact, config files need to be trusted +CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...) + NOT-FOR-US: GraphHopper +CVE-2021-29505 (XStream is software for serializing Java objects to XML and back again ...) + {DLA-2704-1} + - libxstream-java 1.4.15-3 (bug #989491) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc + NOTE: https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227 (v1.4.17) +CVE-2021-29504 (WP-CLI is the command-line interface for WordPress. An improper error ...) + NOT-FOR-US: WP-CLI +CVE-2021-29503 (HedgeDoc is a platform to write and share markdown. HedgeDoc before ve ...) + NOT-FOR-US: HedgeDoc +CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability ...) 
+ NOT-FOR-US: Red discord bot addon +CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...) + NOT-FOR-US: Red discord bot addon +CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...) + NOT-FOR-US: bubble fireworks +CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...) + [experimental] - golang-github-sylabs-sif 2.3.1-1 + - golang-github-sylabs-sif <unfixed> (bug #991664) + [bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue) + NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg +CVE-2021-29498 + RESERVED +CVE-2021-29497 + RESERVED +CVE-2021-29496 + RESERVED +CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...) + - nim 1.4.2-1 + [buster] - nim <no-dsa> (Minor issue) + [stretch] - nim <no-dsa> (Minor issue) + NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr +CVE-2021-29494 + RESERVED +CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...) + NOT-FOR-US: Kennnyshiwa-cogs +CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...) + NOT-FOR-US: mixme nodejs module +CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...) + NOT-FOR-US: Jellyfin +CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...) + NOT-FOR-US: Highcharts JS +CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...) 
+ - sabnzbdplus 3.2.1+dfsg-1 + [bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1 + [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2 + [stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported) + NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp + NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b +CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...) + NOT-FOR-US: October CMS +CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...) + NOT-FOR-US: Node cumulative-distribution-function +CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior ...) + NOT-FOR-US: Ratpack +CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...) + NOT-FOR-US: Ghost CMS +CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...) + NOT-FOR-US: ManageWiki MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...) + - golang-github-ulikunitz-xz 0.5.6-2 (bug #988243) + NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27 + NOTE: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b +CVE-2021-29481 (Ratpack is a toolkit for creating web applications. In versions prior ...) + NOT-FOR-US: Ratpack +CVE-2021-29480 (Ratpack is a toolkit for creating web applications. In versions prior ...) + NOT-FOR-US: Ratpack +CVE-2021-29479 (Ratpack is a toolkit for creating web applications. In versions prior ...) + NOT-FOR-US: Ratpack +CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...) 
+ - redis 5:6.0.13-1 (bug #988045) + [buster] - redis <not-affected> (Vulnerable code not present) + [stretch] - redis <not-affected> (Vulnerable code not present) + NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ + NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 +CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...) + - redis 5:6.0.13-1 (bug #988045) + [buster] - redis <not-affected> (Vulnerable code not present) + [stretch] - redis <not-affected> (Vulnerable code not present) + NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ + NOTE: https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g +CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...) + - wordpress 5.5.3+dfsg1-1 + [buster] - wordpress 5.0.11+dfsg1-0+deb10u1 + [stretch] - wordpress 4.7.19+dfsg-1+deb9u1 + NOTE: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 + NOTE: https://github.com/rmccue/Requests/pull/421 + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 + NOTE: The CVE directly correspond to CVE-2020-28032 for wordpress and we can track + NOTE: same versions as fixed. Strictly speaking CVE-2021-29476 is for the PHP Requests + NOTE: library directly. +CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...) + NOT-FOR-US: HedgeDoc +CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...) + NOT-FOR-US: HedgeDoc +CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) 
+ {DSA-4958-1 DLA-2750-1} + - exiv2 0.27.5-1 (bug #987736) + [bullseye] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 + NOTE: https://github.com/Exiv2/exiv2/pull/1587 + NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b + NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1 +CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...) + {DSA-4907-1 DLA-2654-1} + - composer 2.0.9-2 + NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx + NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf +CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) + - matrix-synapse 1.33.2-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85 + NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2) +CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #987450) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj + NOTE: https://github.com/Exiv2/exiv2/pull/1581 + NOTE: https://github.com/Exiv2/exiv2/commit/b3de96f4b4408347bed57e625963720e8d0dd2ea + NOTE: https://github.com/Exiv2/exiv2/commit/c372f2677d6f7cf88a8f26ef6bc175561e406ee2 +CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...) 
+ - node-redis 3.0.2+~cs5.18.1-3 + [buster] - node-redis 2.8.0-1+deb10u1 + NOTE: https://github.com/NodeRedis/node-redis/issues/1569 + NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3 + NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e +CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...) + NOT-FOR-US: Cygwin Git +CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...) + NOT-FOR-US: Wrongthink +CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...) + NOT-FOR-US: Discord-Recon +CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...) + NOT-FOR-US: Discord-Recon +CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #988242) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <not-affected> (Vulnerable code introduced later) + [stretch] - exiv2 <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p + NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54 +CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #988241) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <not-affected> (webp support introduced in 0.27) + [stretch] - exiv2 <not-affected> (webp support introduced in 0.27) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr + NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b +CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...) 
+ - pupnp-1.8 <unfixed> (bug #987326) + [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) + [buster] - pupnp-1.8 <no-dsa> (Minor issue) + - libupnp <removed> + [stretch] - libupnp <no-dsa> (Minor issue) + NOTE: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg + NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4 +CVE-2021-29461 (Discord Recon Server is a bot that allows one to do one's reconnaissan ...) + NOT-FOR-US: Discord-Recon +CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...) + NOT-FOR-US: Kirby CMS +CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 (bug #987277) + [bullseye] - exiv2 <no-dsa> (Minor issue) + [buster] - exiv2 <no-dsa> (Minor issue) + [stretch] - exiv2 <no-dsa> (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 + NOTE: https://github.com/Exiv2/exiv2/issues/1530 + NOTE: https://github.com/Exiv2/exiv2/pull/1536 + NOTE: https://github.com/Exiv2/exiv2/commit/0a91b56616404f7b29ca28deb01ce18b767d1871 + NOTE: https://github.com/Exiv2/exiv2/commit/c92ac88cb0ebe72a5a17654fe6cecf411ab1e572 + NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 + NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730 + NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d +CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ {DSA-4958-1 DLA-2750-1} + - exiv2 0.27.3-3.1 (bug #991705) + [bullseye] - exiv2 0.27.3-3+deb11u1 + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm + NOTE: https://github.com/Exiv2/exiv2/issues/1529 + NOTE: https://github.com/Exiv2/exiv2/pull/1534 + NOTE: https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d + NOTE: buster-security and bullseye-security updates refer to CVE-2021-31291, which + NOTE: was an addditional (and then rejected) CVE ID for the same issue as CVE-2021-29457 +CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...) + NOT-FOR-US: Authelia +CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...) + NOT-FOR-US: Grassroot Platform +CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...) + - smarty3 <unfixed> + NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m + NOTE: https://github.com/smarty-php/smarty/commit/7ad97ad030b4289711e30819c928b8bc33c62b23 (3.1.42) +CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...) + NOT-FOR-US: matrix-media-repo +CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...) + NOT-FOR-US: Node a12n-server +CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...) + NOT-FOR-US: Portofino +CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...) + {DSA-4896-1 DLA-2630-1} + - wordpress 5.7.1+dfsg1-1 (bug #987065) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq +CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...) + NOT-FOR-US: Pi-hole +CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...) + NOT-FOR-US: Pi-hole +CVE-2021-29447 (Wordpress is an open source CMS. 
A user with the ability to upload fil ...) + {DSA-4896-1 DLA-2630-1} + - wordpress 5.7.1+dfsg1-1 (unimportant) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh + NOTE: Only an issue when installation runs under PHP8. +CVE-2021-29446 (jose-node-cjs-runtime is an npm package which provides a number of cry ...) + NOT-FOR-US: Node jose-node-cjs-runtime +CVE-2021-29445 (jose-node-esm-runtime is an npm package which provides a number of cry ...) + NOT-FOR-US: Node jose-esm-runtime +CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number of cryp ...) + NOT-FOR-US: Node jose-browser-runtime +CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...) + NOT-FOR-US: Node jose +CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...) + NOT-FOR-US: Nacos +CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...) + NOT-FOR-US: Nacos +CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...) + NOT-FOR-US: Grav CMS +CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...) + NOT-FOR-US: Grav admin plugin +CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before ...) + NOT-FOR-US: Node @nextcloud/dialogs +CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...) + NOT-FOR-US: trestle-auth +CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...) + NOT-FOR-US: wagtail +CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...) 
+ NOT-FOR-US: Matrix Sydent +CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...) + NOT-FOR-US: Matrix Sydent +CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...) + NOT-FOR-US: Matrix Sydent +CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...) + NOT-FOR-US: Matrix Sydent +CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...) + - gradle <unfixed> (bug #987284) + [bullseye] - gradle <no-dsa> (Minor issue) + [buster] - gradle <no-dsa> (Minor issue) + [stretch] - gradle <no-dsa> (Minor issue) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8 +CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...) + - gradle <unfixed> (bug #987284) + [bullseye] - gradle <no-dsa> (Minor issue) + [buster] - gradle <no-dsa> (Minor issue) + [stretch] - gradle <no-dsa> (Minor issue; sticky bit on /tmp is set by default) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336 +CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...) + - gradle <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395 +CVE-2021-29426 + RESERVED +CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...) + {DLA-2741-1} + - commons-io 2.8.0-1 + [buster] - commons-io 2.6-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1 + NOTE: https://issues.apache.org/jira/browse/IO-556 +CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...) 
+ {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9 +CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...) + {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753 +CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...) + {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) +CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...) + - libdata-validate-ip-perl 0.30-1 (unimportant) + NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e + NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ + NOTE: Upstream only clarifies how to properly use the module with a documentation update +CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...) 
+ - libnet-netmask-perl 1.9104-2 (bug #986135) + [buster] - libnet-netmask-perl <no-dsa> (Minor issue) + [stretch] - libnet-netmask-perl <no-dsa> (Minor issue) + NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ + NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22 + NOTE: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 + NOTE: Fixed by: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163 + NOTE: Improvements and add safe_new() method: + NOTE: https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40 + NOTE: Remove warnings introduced in tests: + NOTE: https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436 +CVE-2021-29423 + RESERVED +CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller (XCC) ...) + NOT-FOR-US: Lenovo XClarity Controller (XCC) +CVE-2021-3472 (A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...) + {DSA-4893-1 DLA-2627-1} + - xorg-server 2:1.20.11-1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd + NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html +CVE-2021-29422 + RESERVED +CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...) + - pikepdf 1.17.3+dfsg-5 (bug #986274) + [buster] - pikepdf <no-dsa> (Minor issue) + NOTE: https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (v2.10.0) +CVE-2021-29420 + RESERVED +CVE-2021-29419 + RESERVED +CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...) + NOT-FOR-US: Node netmask +CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) + NOT-FOR-US: gitjacker +CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) 
+ NOT-FOR-US: Burp Suite (different from src:burp) +CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...) + NOT-FOR-US: NordicSemiconductor nRF52840 +CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...) + NOT-FOR-US: STMicroelectronics STM32L4 devices +CVE-2021-29413 + RESERVED +CVE-2021-29412 + RESERVED +CVE-2021-29411 + RESERVED +CVE-2021-29410 + RESERVED +CVE-2021-29409 + RESERVED +CVE-2021-29408 + RESERVED +CVE-2021-29407 + RESERVED +CVE-2021-29406 + RESERVED +CVE-2021-29405 + RESERVED +CVE-2021-29404 + RESERVED +CVE-2021-29403 + RESERVED +CVE-2021-29402 + RESERVED +CVE-2021-29401 + RESERVED +CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...) + NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS +CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...) + NOT-FOR-US: XMB +CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...) + NOT-FOR-US: Northstar +CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...) + NOT-FOR-US: Northstar +CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...) + NOT-FOR-US: Northstar +CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...) + NOT-FOR-US: Northstar +CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...) + NOT-FOR-US: Northstar +CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...) + NOT-FOR-US: Northstar +CVE-2021-29392 + RESERVED +CVE-2021-29391 + RESERVED +CVE-2021-29390 + RESERVED +CVE-2021-29389 + RESERVED +CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...) + NOT-FOR-US: SourceCodester Budget Management System +CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...) 
+ NOT-FOR-US: Sourcecodester Equipment Inventory System +CVE-2021-29386 + RESERVED +CVE-2021-29385 + RESERVED +CVE-2021-29384 + RESERVED +CVE-2021-29383 + RESERVED +CVE-2021-29382 + RESERVED +CVE-2021-29381 + RESERVED +CVE-2021-29380 + RESERVED +CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR- ...) + NOT-FOR-US: D-Link +CVE-2021-29378 + RESERVED +CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...) + NOT-FOR-US: Pear Admin Think +CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...) + {DLA-2747-1 DLA-2746-1} + - ircii-pana <removed> + - ircii 20210314-1 (bug #986214) + [buster] - ircii 20190117-1+deb10u1 + - scrollz 2.2.3-2 (bug #986215) + [buster] - scrollz 2.2.3-1+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2 + NOTE: https://github.com/ScrollZ/ScrollZ/issues/25 +CVE-2021-29375 + RESERVED +CVE-2021-29374 + RESERVED +CVE-2021-29373 + RESERVED +CVE-2021-29372 + RESERVED +CVE-2021-29371 + RESERVED +CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...) + NOT-FOR-US: Thanos-Soft Cheetah Browser in Android +CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...) + NOT-FOR-US: Node gnuplot +CVE-2021-29368 + RESERVED +CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...) + NOT-FOR-US: Irfanview +CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...) + NOT-FOR-US: Irfanview +CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...) + NOT-FOR-US: Irfanview +CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...) + NOT-FOR-US: Irfanview +CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...) 
+ NOT-FOR-US: Irfanview +CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...) + NOT-FOR-US: Irfanview +CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...) + NOT-FOR-US: Irfanview +CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...) + NOT-FOR-US: Irfanview +CVE-2021-29359 + RESERVED +CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...) + NOT-FOR-US: Irfanview +CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...) + NOT-FOR-US: OutSystems Platform Server +CVE-2021-29356 + RESERVED +CVE-2021-29355 + RESERVED +CVE-2021-29354 + RESERVED +CVE-2021-29353 + RESERVED +CVE-2021-29352 + RESERVED +CVE-2021-29351 + RESERVED +CVE-2021-29350 (SQL injection in the getip function in conn/function.php in 发&# ...) + NOT-FOR-US: Online video course +CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...) + - mahara <removed> +CVE-2021-29348 + RESERVED +CVE-2021-29347 + RESERVED +CVE-2021-29346 + RESERVED +CVE-2021-29345 + RESERVED +CVE-2021-29344 + RESERVED +CVE-2021-29343 (Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" p ...) + NOT-FOR-US: Ovidentia CMS +CVE-2021-29342 + RESERVED +CVE-2021-29341 + RESERVED +CVE-2021-29340 + RESERVED +CVE-2021-29339 + RESERVED +CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...) + - openjpeg2 2.4.0-4 (bug #987276) + [bullseye] - openjpeg2 <no-dsa> (Minor issue) + [buster] - openjpeg2 <no-dsa> (Minor issue) + [stretch] - openjpeg2 <no-dsa> (Minor issue) + NOTE: https://github.com/uclouvain/openjpeg/issues/1338 +CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users ...) 
+ NOT-FOR-US: MSI +CVE-2021-29336 + RESERVED +CVE-2021-29335 + RESERVED +CVE-2021-29334 + RESERVED +CVE-2021-29333 + RESERVED +CVE-2021-29332 + RESERVED +CVE-2021-29331 + RESERVED +CVE-2021-29330 + RESERVED +CVE-2021-29329 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29328 (OpenSource Moddable v10.5.0 was discovered to contain buffer over-read ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29327 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29326 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29325 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29324 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29323 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...) + NOT-FOR-US: OpenSource Moddable +CVE-2021-29322 + RESERVED +CVE-2021-29321 + RESERVED +CVE-2021-29320 + RESERVED +CVE-2021-29319 + RESERVED +CVE-2021-29318 + RESERVED +CVE-2021-29317 + RESERVED +CVE-2021-29316 + RESERVED +CVE-2021-29315 + RESERVED +CVE-2021-29314 + RESERVED +CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...) + NOT-FOR-US: SeaCMS +CVE-2021-29312 + RESERVED +CVE-2021-29311 + RESERVED +CVE-2021-29310 + RESERVED +CVE-2021-29309 + RESERVED +CVE-2021-29308 + RESERVED +CVE-2021-29307 + RESERVED +CVE-2021-29306 + RESERVED +CVE-2021-29305 + RESERVED +CVE-2021-29304 + RESERVED +CVE-2021-29303 + RESERVED +CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a ...) + NOT-FOR-US: TP-Link +CVE-2021-29301 + RESERVED +CVE-2021-29300 (The @ronomon/opened library before 1.5.2 is vulnerable to a command in ...) 
+ NOT-FOR-US: @ronomon/opened +CVE-2021-29299 + RESERVED +CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machine Edi ...) + NOT-FOR-US: Emerson GE Automation Proficy Machine Edition +CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 ...) + NOT-FOR-US: Emerson GE Automation Proficy Machine Edition +CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...) + NOT-FOR-US: D-Link +CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...) + NOT-FOR-US: D-Link +CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...) + NOT-FOR-US: D-Link +CVE-2021-29293 + RESERVED +CVE-2021-29292 + RESERVED +CVE-2021-29291 + RESERVED +CVE-2021-29290 + RESERVED +CVE-2021-29289 + RESERVED +CVE-2021-29288 + RESERVED +CVE-2021-29287 + RESERVED +CVE-2021-29286 + RESERVED +CVE-2021-29285 + RESERVED +CVE-2021-29284 + RESERVED +CVE-2021-29283 + RESERVED +CVE-2021-29282 + RESERVED +CVE-2021-29281 + RESERVED +CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...) + NOT-FOR-US: TP-Link +CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b + NOTE: https://github.com/gpac/gpac/issues/1718 +CVE-2021-29278 + RESERVED +CVE-2021-29277 + RESERVED +CVE-2021-29276 + RESERVED +CVE-2021-29275 + RESERVED +CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...) 
+ - redmine <not-affected> (Vulnerable code introduced in 4.1.0) + NOTE: https://www.redmine.org/issues/33846 +CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step] + - freedombox 21.4.2 + - plinth <removed> + [buster] - plinth 19.1+deb10u2 + [stretch] - plinth <no-dsa> (Minor issue) + NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 (not yet public) + NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03 +CVE-2021-29273 + RESERVED +CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...) + NOT-FOR-US: bluemonday +CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...) + NOT-FOR-US: remark42 +CVE-2021-29270 + RESERVED +CVE-2021-29269 + RESERVED +CVE-2021-29268 + RESERVED +CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...) + NOT-FOR-US: SherlockIM +CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...) + - linux 5.10.26-1 (unimportant) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9 +CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip_sockf ...) + {DLA-2689-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22 +CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...) + {DLA-2690-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f +CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...) 
+ - intellij-idea <itp> (bug #747616) +CVE-2021-3471 + REJECTED +CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...) + - redis 5:6.0.9-1 (unimportant) + NOTE: https://github.com/redis/redis/pull/7963 + NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95 + NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc +CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...) + - foreman <itp> (bug #663101) +CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...) + - avahi <unfixed> (bug #984938) + [bullseye] - avahi <no-dsa> (Minor issue) + [buster] - avahi <no-dsa> (Minor issue) + [stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA) + NOTE: https://github.com/lathiat/avahi/pull/330 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3 +CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...) + - lucene-solr <not-affected> (Vulnerable code not yet present) +CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...) + NOT-FOR-US: vscode extension Svelte +CVE-2021-29260 + RESERVED +CVE-2021-29259 + RESERVED +CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-29257 + RESERVED +CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...) + NOT-FOR-US: Arm Mali GPU kernel driver +CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...) + NOT-FOR-US: MicroSeven +CVE-2021-29254 + RESERVED +CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 ...) + NOT-FOR-US: RSA +CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...) 
+ NOT-FOR-US: RSA +CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory traversal, which ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseud ...) + NOT-FOR-US: BTCPay Server +CVE-2021-29244 + RESERVED +CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. ...) + NOT-FOR-US: Cloudera Manager +CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...) + NOT-FOR-US: CODESYS Control Runtime +CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that ...) + NOT-FOR-US: CODESYS Gateway 3 +CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...) + NOT-FOR-US: Package Manager of CODESYS Development System 3 +CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...) + NOT-FOR-US: CODESYS Development System 3 +CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...) 
+ NOT-FOR-US: CODESYS Automation Server +CVE-2021-29237 + RESERVED +CVE-2021-29236 + RESERVED +CVE-2021-29235 + RESERVED +CVE-2021-29234 + RESERVED +CVE-2021-29233 + RESERVED +CVE-2021-29232 + RESERVED +CVE-2021-29231 + RESERVED +CVE-2021-29230 + RESERVED +CVE-2021-29229 + RESERVED +CVE-2021-29228 + RESERVED +CVE-2021-29227 + RESERVED +CVE-2021-29226 + RESERVED +CVE-2021-29225 + RESERVED +CVE-2021-29224 + RESERVED +CVE-2021-29223 + RESERVED +CVE-2021-29222 + RESERVED +CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...) + - erlang <not-affected> (Windows-specific) +CVE-2021-29220 + RESERVED +CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...) + NOT-FOR-US: HPE +CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...) + NOT-FOR-US: HPE +CVE-2021-29217 + RESERVED +CVE-2021-29216 + RESERVED +CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) + NOT-FOR-US: HPE +CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) + NOT-FOR-US: HPE +CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) + NOT-FOR-US: HPE +CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...) + NOT-FOR-US: HPE +CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + NOT-FOR-US: HPE +CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) 
+ NOT-FOR-US: HPE +CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + NOT-FOR-US: HPE +CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + NOT-FOR-US: HPE +CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + NOT-FOR-US: HPE +CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...) + NOT-FOR-US: HPE +CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...) + NOT-FOR-US: HPE +CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) + NOT-FOR-US: HPE +CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...) + NOT-FOR-US: Apache OFBiz +CVE-2021-29199 + RESERVED +CVE-2021-29198 + RESERVED +CVE-2021-29197 + RESERVED +CVE-2021-29196 + RESERVED +CVE-2021-29195 + RESERVED +CVE-2021-29194 + RESERVED +CVE-2021-29193 + RESERVED +CVE-2021-29192 + RESERVED +CVE-2021-29191 + RESERVED +CVE-2021-29190 + RESERVED +CVE-2021-29189 + RESERVED +CVE-2021-29188 + RESERVED +CVE-2021-29187 + RESERVED +CVE-2021-29186 + RESERVED +CVE-2021-29185 + RESERVED +CVE-2021-29184 + RESERVED +CVE-2021-29183 + RESERVED +CVE-2021-29182 + RESERVED +CVE-2021-29181 + RESERVED +CVE-2021-29180 + RESERVED +CVE-2021-29179 + RESERVED +CVE-2021-29178 + RESERVED +CVE-2021-29177 + RESERVED +CVE-2021-29176 + RESERVED +CVE-2021-29175 + RESERVED +CVE-2021-29174 + RESERVED +CVE-2021-29173 + RESERVED +CVE-2021-29172 + RESERVED +CVE-2021-29171 + RESERVED +CVE-2021-29170 + RESERVED +CVE-2021-29169 + RESERVED +CVE-2021-29168 + RESERVED +CVE-2021-29167 + RESERVED +CVE-2021-29166 + RESERVED +CVE-2021-29165 + RESERVED +CVE-2021-29164 + RESERVED +CVE-2021-29163 + RESERVED +CVE-2021-29162 + RESERVED +CVE-2021-29161 + RESERVED +CVE-2021-29160 + RESERVED +CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...) 
+ NOT-FOR-US: Nexus Repository Manager +CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...) + NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...) + - dovecot 1:2.3.13+dfsg1-2 (bug #990566) + [buster] - dovecot <not-affected> (Vulnerable code introduced later) + [stretch] - dovecot <not-affected> (Vulnerable code introduced later) + NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html + NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/1 +CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...) + NOT-FOR-US: ForgeRock OpenAM +CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...) + {DLA-2690-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux <not-affected> (Vulnerability introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4 + NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200, + NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a51526418b@iogearbox.net/ +CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1 +CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/268 + NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b +CVE-2021-3466 (A flaw was found in libmicrohttpd. A missing bounds check in the post_ ...) 
+ - libmicrohttpd 0.9.71-1 + [buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later) + [stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later) + NOTE: Patch: https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241 + NOTE: Introduced in https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571 +CVE-2021-3465 + REJECTED +CVE-2021-29153 + RESERVED +CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...) + NOT-FOR-US: Aruba +CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...) + NOT-FOR-US: Aruba +CVE-2021-29149 (A local bypass security restrictions vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was discovered in Aru ...) + NOT-FOR-US: Aruba +CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + NOT-FOR-US: Aruba +CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...) + NOT-FOR-US: Aruba +CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + NOT-FOR-US: Aruba +CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...) 
+ NOT-FOR-US: Aruba +CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + NOT-FOR-US: Aruba +CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...) + NOT-FOR-US: Aruba +CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...) + NOT-FOR-US: Aruba +CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...) + - umoci 0.4.7+ds-1 + [buster] - umoci <no-dsa> (Minor issue) + NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v + NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7) +CVE-2021-29135 + RESERVED +CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...) + NOT-FOR-US: Lenovo +CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Management Dr ...) + NOT-FOR-US: Lenovo +CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...) + NOT-FOR-US: Lenovo +CVE-2021-29134 + RESERVED +CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...) + NOT-FOR-US: haserl (Alpine), different from src:haserl +CVE-2021-29132 + RESERVED +CVE-2021-29131 + RESERVED +CVE-2021-29130 + RESERVED +CVE-2021-29129 + RESERVED +CVE-2021-29128 + RESERVED +CVE-2021-29127 + RESERVED +CVE-2021-29126 + RESERVED +CVE-2021-29125 + RESERVED +CVE-2021-29124 + RESERVED +CVE-2021-29123 + RESERVED +CVE-2021-29122 + RESERVED +CVE-2021-29121 + RESERVED +CVE-2021-29120 + RESERVED +CVE-2021-29119 + RESERVED +CVE-2021-29118 + RESERVED +CVE-2021-29117 + RESERVED +CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...) + NOT-FOR-US: Esri ArcGIS Server +CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Director ...) 
+ NOT-FOR-US: Esri ArcGIS +CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...) + NOT-FOR-US: Esri ArcGIS +CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...) + NOT-FOR-US: ArcGIS Server +CVE-2021-29112 + RESERVED +CVE-2021-29111 + RESERVED +CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may ...) + NOT-FOR-US: Esri +CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...) + NOT-FOR-US: Esri +CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...) + NOT-FOR-US: Esri +CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) + NOT-FOR-US: ArcGIS Server Manager +CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...) + NOT-FOR-US: ArcGIS Server +CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...) + NOT-FOR-US: ArcGIS Server Services Directory +CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...) + NOT-FOR-US: ArcGIS Server Manager +CVE-2021-29103 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...) + NOT-FOR-US: ArcGIS Server +CVE-2021-29102 (A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Ma ...) + NOT-FOR-US: ArcGIS Server Manager +CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...) + NOT-FOR-US: ArcGIS GeoEvent Server +CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...) + NOT-FOR-US: Esri +CVE-2021-29099 (A SQL injection vulnerability exists in some configurations of ArcGIS ...) + NOT-FOR-US: Esri +CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...) 
+ NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...) + NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...) + NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...) + NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...) + NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...) + NOT-FOR-US: Esri (various ArcGIS products) +CVE-2021-3461 + RESERVED + NOT-FOR-US: Keycloak +CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...) + NOT-FOR-US: Synology +CVE-2021-29091 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2021-29090 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-29089 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2021-29087 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + NOT-FOR-US: Synology +CVE-2021-29085 (Improper neutralization of special elements in output used by a downst ...) + NOT-FOR-US: Synology +CVE-2021-29084 (Improper neutralization of special elements in output used by a downst ...) + NOT-FOR-US: Synology +CVE-2021-29083 (Improper neutralization of special elements used in an OS command in S ...) 
+ NOT-FOR-US: Synology +CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...) + NOT-FOR-US: Motorola MH702x devices +CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...) + NOT-FOR-US: MM1000 device +CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...) + NOT-FOR-US: Motorola MM1000 device configuration portal +CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: NETGEAR +CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: NETGEAR +CVE-2021-29080 (Certain NETGEAR devices are affected by password reset by an unauthent ...) + NOT-FOR-US: NETGEAR +CVE-2021-29079 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2021-29078 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2021-29077 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2021-29076 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2021-29075 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: NETGEAR +CVE-2021-29074 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: NETGEAR +CVE-2021-29073 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: NETGEAR +CVE-2021-29072 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: NETGEAR +CVE-2021-29071 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: NETGEAR +CVE-2021-29070 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: NETGEAR +CVE-2021-29069 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: NETGEAR +CVE-2021-29068 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: NETGEAR +CVE-2021-29067 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: NETGEAR +CVE-2021-29066 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: NETGEAR +CVE-2021-29065 (NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication ...) + NOT-FOR-US: NETGEAR +CVE-2021-29064 + RESERVED +CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + - mpmath 1.2.1-2 (bug #990576) + [bullseye] - mpmath <no-dsa> (Minor issue) + [buster] - mpmath <no-dsa> (Minor issue) + [stretch] - mpmath <no-dsa> (Minor issue) + NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md + NOTE: https://github.com/fredrik-johansson/mpmath/issues/548 + NOTE: https://github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833 + NOTE: https://github.com/fredrik-johansson/mpmath/commit/2865c7d12b2a077d420427ad187eca831a48bff4 +CVE-2021-29062 + RESERVED +CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Vfsjfilechooser2 +CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + - node-color-string 1.5.4-2 + [buster] - node-color-string <no-dsa> (Minor issue) + NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md + NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 +CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...) + NOT-FOR-US: Node is-svg +CVE-2021-29058 + RESERVED +CVE-2021-29057 + RESERVED +CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...) 
+ NOT-FOR-US: Pixelimity +CVE-2021-29055 + RESERVED +CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...) + NOT-FOR-US: Papoo +CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...) + NOT-FOR-US: Liferay +CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...) + NOT-FOR-US: Liferay +CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...) + NOT-FOR-US: Liferay +CVE-2021-29050 + RESERVED +CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...) + NOT-FOR-US: Liferay +CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...) + NOT-FOR-US: Liferay +CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...) + NOT-FOR-US: Liferay +CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...) + NOT-FOR-US: Liferay +CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...) + NOT-FOR-US: Liferay +CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...) + NOT-FOR-US: Liferay +CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...) + NOT-FOR-US: Liferay +CVE-2021-29042 + RESERVED +CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...) + NOT-FOR-US: Liferay +CVE-2021-29040 (The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay ...) + NOT-FOR-US: Liferay +CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...) + NOT-FOR-US: Liferay +CVE-2021-29038 + RESERVED +CVE-2021-29037 + RESERVED +CVE-2021-29036 + RESERVED +CVE-2021-29035 + RESERVED +CVE-2021-29034 + RESERVED +CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) 
+ NOT-FOR-US: Bitweaver +CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...) + NOT-FOR-US: Bitweaver +CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...) + NOT-FOR-US: InvoicePlane +CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...) + NOT-FOR-US: InvoicePlane +CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...) + NOT-FOR-US: InvoicePlane +CVE-2021-29021 + RESERVED +CVE-2021-29020 + RESERVED +CVE-2021-29019 + RESERVED +CVE-2021-29018 + RESERVED +CVE-2021-29017 + RESERVED +CVE-2021-29016 + RESERVED +CVE-2021-29015 + RESERVED +CVE-2021-29014 + RESERVED +CVE-2021-29013 + RESERVED +CVE-2021-29012 (DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to ev ...) + NOT-FOR-US: DMA Softlab Radius Manager +CVE-2021-29011 (DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting ( ...) + NOT-FOR-US: DMA Softlab Radius Manager +CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) 
+ NOT-FOR-US: SEO Panel +CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) + NOT-FOR-US: SEO Panel +CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...) + NOT-FOR-US: SEO Panel +CVE-2021-29007 + RESERVED +CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...) + NOT-FOR-US: rConfig +CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...) + NOT-FOR-US: rConfig +CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...) + NOT-FOR-US: rConfig +CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...) + NOT-FOR-US: Genexis devices +CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...) + NOT-FOR-US: Plone +CVE-2021-29001 + RESERVED +CVE-2021-29000 + RESERVED +CVE-2021-28999 + RESERVED +CVE-2021-28998 + RESERVED +CVE-2021-28997 + RESERVED +CVE-2021-28996 + RESERVED +CVE-2021-28995 + RESERVED +CVE-2021-28994 (kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8. ...) + - kopanocore <unfixed> (bug #986272) + [buster] - kopanocore <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/6 +CVE-2021-28993 (Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is ...) + NOT-FOR-US: Plixer Scrutinizer +CVE-2021-28992 + RESERVED +CVE-2021-28991 + RESERVED +CVE-2021-28990 + RESERVED +CVE-2021-28989 + RESERVED +CVE-2021-28988 + RESERVED +CVE-2021-28987 + RESERVED +CVE-2021-28986 + RESERVED +CVE-2021-28985 + RESERVED +CVE-2021-28984 + RESERVED +CVE-2021-28983 + RESERVED +CVE-2021-28982 + RESERVED +CVE-2021-28981 + RESERVED +CVE-2021-28980 + RESERVED +CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...) 
+ NOT-FOR-US: SafeNet KeySecure Management Console +CVE-2021-28978 + RESERVED +CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upl ...) + NOT-FOR-US: GetSimpleCMS +CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in a ...) + NOT-FOR-US: GetSimpleCMS +CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...) + - foreman <itp> (bug #663101) +CVE-2021-3456 + RESERVED + - foreman <itp> (bug #663101) +CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...) + NOT-FOR-US: WP Mailster +CVE-2021-28974 + RESERVED +CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...) + NOT-FOR-US: Helix ALM +CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...) + NOT-FOR-US: Central Management of FireEye EX 3500 devices +CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...) + NOT-FOR-US: Central Management of FireEye EX 3500 devices +CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...) + NOT-FOR-US: PunBB +CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...) + NOT-FOR-US: MATLAB extenstion for vscode +CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a crafted ...) + - ruby2.7 <not-affected> (Windows-specific) + NOTE: https://hackerone.com/reports/1131465 +CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...) 
+ {DSA-5066-1} + - ruby2.7 2.7.3-1 (bug #986807) + - ruby2.5 <removed> + - ruby2.3 <removed> + [stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update) + [experimental] - ruby-rexml 3.2.5-1 + - ruby-rexml <removed> (bug #986806) + NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ +CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...) + {DLA-2690-1} + - linux 5.10.26-1 + [buster] - linux 4.19.194-1 + [stretch] - linux <ignored> (Driver is specific to IBM Power systems) + NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678 +CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.26-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea +CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.26-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5 +CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...) + NOT-FOR-US: DDNS package for OpenWrt +CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...) + NOT-FOR-US: ManageEngine +CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...) 
+ NOT-FOR-US: vscode-sass-lint +CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...) + NOT-FOR-US: git-bug +CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...) + NOT-FOR-US: Chris Walz bit +CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...) + NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code +CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request leads free ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr versions > ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...) + NOT-FOR-US: Lenovo +CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...) + NOT-FOR-US: Lenovo +CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...) + NOT-FOR-US: Lenovo +CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...) + - openssl 1.1.1k-1 + [buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h) + [stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h) + - openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h) + NOTE: https://www.openssl.org/news/secadv/20210325.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b +CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...) + {DSA-4880-1 DLA-2606-1} + - lxml 4.6.3-1 (bug #985643) + NOTE: https://bugs.launchpad.net/lxml/+bug/1888153 + NOTE: https://github.com/lxml/lxml/pull/316 + NOTE: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d +CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...) 
+ - linux 5.10.26-1 (unimportant) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31 +CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...) + - linux 5.10.26-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49 +CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...) + {DLA-2689-1} + - linux 5.10.24-1 + NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed +CVE-2021-28949 + RESERVED +CVE-2021-28948 + RESERVED +CVE-2021-28947 + RESERVED +CVE-2021-28946 + RESERVED +CVE-2021-28945 + RESERVED +CVE-2021-28944 + RESERVED +CVE-2021-28943 + RESERVED +CVE-2021-28942 + RESERVED +CVE-2021-28941 (Because of no validation on a curl command in MagpieRSS 0.72 in the /e ...) + NOT-FOR-US: MagpieRSS +CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...) + NOT-FOR-US: MagpieRSS +CVE-2021-28939 + RESERVED +CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2- ...) + NOT-FOR-US: Siren Federate +CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...) + NOT-FOR-US: Acexy Wireless-N WiFi Repeater +CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...) + NOT-FOR-US: Acexy Wireless-N WiFi Repeater +CVE-2021-28935 (CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin ...) + NOT-FOR-US: CMS Made Simple (CMSMS) +CVE-2021-28934 + RESERVED +CVE-2021-28933 + RESERVED +CVE-2021-28932 + RESERVED +CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...) 
+ NOT-FOR-US: Fork CMS +CVE-2021-28930 + RESERVED +CVE-2021-28929 + RESERVED +CVE-2021-28928 + RESERVED +CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...) + - retroarch <not-affected> (Windows-specific) +CVE-2021-28926 + RESERVED +CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...) + NOT-FOR-US: Nagios Network Analyzer +CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...) + NOT-FOR-US: Nagios Network Analyzer +CVE-2021-28923 + RESERVED +CVE-2021-28922 + RESERVED +CVE-2021-28921 + RESERVED +CVE-2021-28920 + RESERVED +CVE-2021-28919 + RESERVED +CVE-2021-28918 (Improper input validation of octal strings in netmask npm package v1.0 ...) + NOT-FOR-US: netmask nodejs module + NOTE: https://sick.codes/sick-2021-011 + NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/ +CVE-2021-28917 + RESERVED +CVE-2021-28916 + RESERVED +CVE-2021-28915 + RESERVED +CVE-2021-28914 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to ...) + NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28913 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) + NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28912 (BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard c ...) + NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28911 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) + NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28910 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSR ...) + NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28909 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...) 
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort +CVE-2021-28908 + RESERVED +CVE-2021-28907 + RESERVED +CVE-2021-28906 (In function read_yin_leaf() in libyang <= v1.0.225, it doesn't chec ...) + - libyang <unfixed> (bug #989060) + [bullseye] - libyang <no-dsa> (Minor issue) + [buster] - libyang <no-dsa> (Minor issue) + NOTE: https://github.com/CESNET/libyang/issues/1455 +CVE-2021-28905 (In function lys_node_free() in libyang <= v1.0.225, it asserts that ...) + - libyang <unfixed> (bug #989060) + [bullseye] - libyang <no-dsa> (Minor issue) + [buster] - libyang <no-dsa> (Minor issue) + NOTE: https://github.com/CESNET/libyang/issues/1452 +CVE-2021-28904 (In function ext_get_plugin() in libyang <= v1.0.225, it doesn't che ...) + - libyang <unfixed> (bug #989060) + [bullseye] - libyang <no-dsa> (Minor issue) + [buster] - libyang <no-dsa> (Minor issue) + NOTE: https://github.com/CESNET/libyang/issues/1451 +CVE-2021-28903 (A stack overflow in libyang <= v1.0.225 can cause a denial of servi ...) + - libyang <unfixed> (bug #989060) + [bullseye] - libyang <no-dsa> (Minor issue) + [buster] - libyang <no-dsa> (Minor issue) + NOTE: https://github.com/CESNET/libyang/issues/1453 +CVE-2021-28902 (In function read_yin_container() in libyang <= v1.0.225, it doesn't ...) + - libyang <unfixed> (bug #989060) + [bullseye] - libyang <no-dsa> (Minor issue) + [buster] - libyang <no-dsa> (Minor issue) + NOTE: https://github.com/CESNET/libyang/issues/1454 +CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...) + NOT-FOR-US: Sita Software Azur CMS. +CVE-2021-28900 + RESERVED +CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...) 
+ - liblivemedia <removed> + [buster] - liblivemedia <no-dsa> (Minor issue) + [stretch] - liblivemedia <no-dsa> (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-March/021891.html +CVE-2021-28898 + RESERVED +CVE-2021-28897 + RESERVED +CVE-2021-28896 + RESERVED +CVE-2021-28895 + RESERVED +CVE-2021-28894 + RESERVED +CVE-2021-28893 + RESERVED +CVE-2021-28892 + RESERVED +CVE-2021-28891 + RESERVED +CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...) + NOT-FOR-US: J2eeFAST +CVE-2021-28889 + RESERVED +CVE-2021-28888 + RESERVED +CVE-2021-28887 + RESERVED +CVE-2021-28886 + RESERVED +CVE-2021-28885 + RESERVED +CVE-2021-28884 + RESERVED +CVE-2021-28883 + RESERVED +CVE-2021-28882 + RESERVED +CVE-2021-28881 + RESERVED +CVE-2021-28880 + RESERVED +CVE-2021-28879 (In the standard library in Rust before 1.52.0, the Zip implementation ...) + - rustc 1.53.0+dfsg1-1 (bug #986803) + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/82282 + NOTE: https://github.com/rust-lang/rust/pull/82289 +CVE-2021-28878 (In the standard library in Rust before 1.52.0, the Zip implementation ...) + - rustc 1.53.0+dfsg1-1 (bug #986803) + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/82291 + NOTE: https://github.com/rust-lang/rust/pull/82292 +CVE-2021-28877 (In the standard library in Rust before 1.51.0, the Zip implementation ...) + - rustc 1.53.0+dfsg1-1 (bug #986803) + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/pull/80670 +CVE-2021-28876 (In the standard library in Rust before 1.52.0, the Zip implementation ...) 
+ - rustc 1.53.0+dfsg1-1 (bug #986803) + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/81740 + NOTE: https://github.com/rust-lang/rust/pull/81741 +CVE-2021-28875 (In the standard library in Rust before 1.50.0, read_to_end() does not ...) + - rustc 1.53.0+dfsg1-1 (bug #986803) + [bullseye] - rustc <no-dsa> (Minor issue) + [buster] - rustc <no-dsa> (Minor issue) + [stretch] - rustc <no-dsa> (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/80894 + NOTE: https://github.com/rust-lang/rust/pull/80895 +CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...) + NOT-FOR-US: SerenityOS +CVE-2021-28873 + RESERVED +CVE-2021-28872 + RESERVED +CVE-2021-28871 + RESERVED +CVE-2021-28870 + RESERVED +CVE-2021-28869 + RESERVED +CVE-2021-28868 + RESERVED +CVE-2021-28867 + RESERVED +CVE-2021-28866 + RESERVED +CVE-2021-28865 + RESERVED +CVE-2021-28864 + RESERVED +CVE-2021-28863 + RESERVED +CVE-2021-28862 + RESERVED +CVE-2021-28861 + RESERVED +CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...) + NOT-FOR-US: Node mixme +CVE-2021-28859 + RESERVED +CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL b ...) + NOT-FOR-US: TP-Link +CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and passw ...) + NOT-FOR-US: TP-Link +CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...) + NOT-FOR-US: Deark +CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...) + NOT-FOR-US: Deark +CVE-2021-28854 + RESERVED +CVE-2021-28853 + RESERVED +CVE-2021-28852 + RESERVED +CVE-2021-28851 + RESERVED +CVE-2021-28850 + RESERVED +CVE-2021-28849 + RESERVED +CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...) 
+ NOT-FOR-US: Mintty +CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...) + NOT-FOR-US: MobaXterm +CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...) + NOT-FOR-US: TRENDnet +CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) + NOT-FOR-US: TRENDnet +CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) + NOT-FOR-US: TRENDnet +CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...) + NOT-FOR-US: TRENDnet +CVE-2021-28842 (Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11 ...) + NOT-FOR-US: TRENDnet +CVE-2021-28841 (Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, ...) + NOT-FOR-US: TRENDnet +CVE-2021-28840 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...) + NOT-FOR-US: D-Link +CVE-2021-28839 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...) + NOT-FOR-US: D-Link +CVE-2021-28838 (Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, D ...) + NOT-FOR-US: D-Link +CVE-2021-28837 + RESERVED +CVE-2021-28836 + RESERVED +CVE-2021-28835 + RESERVED +CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...) + {DSA-4890-1} + - ruby-kramdown 2.3.0-5 (bug #985569) + [stretch] - ruby-kramdown <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/gettalong/kramdown/pull/708 + NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760 + NOTE: Introduced by https://github.com/gettalong/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e2 (v1.16) +CVE-2021-28833 (Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist ...) + NOT-FOR-US: Increments Qiita::Markdown +CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...) 
+ NOT-FOR-US: VSCodeVim +CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...) + {DLA-2614-1} + - busybox <unfixed> (bug #985674) + [bullseye] - busybox <no-dsa> (Minor issue) + [buster] - busybox <no-dsa> (Minor issue) + NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd +CVE-2021-27851 (A security vulnerability that can lead to local privilege escalation h ...) + - guix 1.2.0-4 (bug #985467; unimportant) + NOTE: https://issues.guix.gnu.org/47229 + NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf + NOTE: https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/ + NOTE: Neutralised by kernel hardening (fs.protected_hardlinks = 1) +CVE-2021-28830 (The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R component ...) + NOT-FOR-US: TIBCO +CVE-2021-28829 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + NOT-FOR-US: TIBCO +CVE-2021-28828 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + NOT-FOR-US: TIBCO +CVE-2021-28827 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...) + NOT-FOR-US: TIBCO +CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) + NOT-FOR-US: TIBCO +CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...) + NOT-FOR-US: TIBCO +CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...) + NOT-FOR-US: TIBCO +CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...) + NOT-FOR-US: TIBCO +CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...) + NOT-FOR-US: TIBCO +CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...) 
+ NOT-FOR-US: TIBCO +CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...) + NOT-FOR-US: TIBCO +CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL ...) + NOT-FOR-US: TIBCO +CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...) + NOT-FOR-US: TIBCO +CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...) + NOT-FOR-US: TIBCO +CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...) + NOT-FOR-US: QNAP +CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...) + NOT-FOR-US: QNAP +CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote ...) + NOT-FOR-US: QNAP +CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...) + NOT-FOR-US: QNAP +CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...) + NOT-FOR-US: QNAP +CVE-2021-28808 + RESERVED +CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...) + NOT-FOR-US: QNAP +CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...) + NOT-FOR-US: QNAP +CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...) + NOT-FOR-US: QNAP +CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...) + NOT-FOR-US: QNAP +CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...) 
+ NOT-FOR-US: QNAP +CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...) + NOT-FOR-US: QNAP +CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...) + NOT-FOR-US: QNAP +CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...) + NOT-FOR-US: QNAP +CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...) + NOT-FOR-US: QNAP +CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...) + NOT-FOR-US: QNAP +CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...) + NOT-FOR-US: QNAP NAS devices +CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...) + NOT-FOR-US: Increments Qiita::Markdown +CVE-2021-28795 + RESERVED +CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...) + NOT-FOR-US: ShellCheck extension for Visual Studio Code +CVE-2021-28793 (vscode-restructuredtext before 146.0.0 contains an incorrect access co ...) + NOT-FOR-US: vscode-restructuredtext +CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...) + NOT-FOR-US: Swift Development Environment extension for Visual Studio Code +CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...) + NOT-FOR-US: SwiftFormat extension for Visual Studio Code +CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...) + NOT-FOR-US: SwiftLint extension for Visual Studio Code +CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...) 
+ NOT-FOR-US: apple/swift-format extension for Visual Studio Code +CVE-2021-28788 + RESERVED +CVE-2021-28787 + RESERVED +CVE-2021-28786 + RESERVED +CVE-2021-28785 + RESERVED +CVE-2021-28784 + RESERVED +CVE-2021-28783 + RESERVED +CVE-2021-28782 + RESERVED +CVE-2021-28781 + RESERVED +CVE-2021-28780 + RESERVED +CVE-2021-28779 + RESERVED +CVE-2021-28778 + RESERVED +CVE-2021-28777 + RESERVED +CVE-2021-28776 + RESERVED +CVE-2021-28775 + RESERVED +CVE-2021-28774 + RESERVED +CVE-2021-28773 + RESERVED +CVE-2021-28772 + RESERVED +CVE-2021-28771 + RESERVED +CVE-2021-28770 + RESERVED +CVE-2021-28769 + RESERVED +CVE-2021-28768 + RESERVED +CVE-2021-28767 + RESERVED +CVE-2021-28766 + RESERVED +CVE-2021-28765 + RESERVED +CVE-2021-28764 + RESERVED +CVE-2021-28763 + RESERVED +CVE-2021-28762 + RESERVED +CVE-2021-28761 + RESERVED +CVE-2021-28760 + RESERVED +CVE-2021-28759 + RESERVED +CVE-2021-28758 + RESERVED +CVE-2021-28757 + RESERVED +CVE-2021-28756 + RESERVED +CVE-2021-28755 + RESERVED +CVE-2021-28754 + RESERVED +CVE-2021-28753 + RESERVED +CVE-2021-28752 + RESERVED +CVE-2021-28751 + RESERVED +CVE-2021-28750 + RESERVED +CVE-2021-28749 + RESERVED +CVE-2021-28748 + RESERVED +CVE-2021-28747 + RESERVED +CVE-2021-28746 + RESERVED +CVE-2021-28745 + RESERVED +CVE-2021-28744 + RESERVED +CVE-2021-28743 + RESERVED +CVE-2021-28742 + RESERVED +CVE-2021-28741 + RESERVED +CVE-2021-28740 + RESERVED +CVE-2021-28739 + RESERVED +CVE-2021-28738 + RESERVED +CVE-2021-28737 + RESERVED +CVE-2021-28736 + RESERVED +CVE-2021-28735 + RESERVED +CVE-2021-28734 + RESERVED +CVE-2021-28733 + RESERVED +CVE-2021-28732 + REJECTED +CVE-2021-28731 + RESERVED +CVE-2021-28730 + RESERVED +CVE-2021-28729 + RESERVED +CVE-2021-28728 + RESERVED +CVE-2021-28727 + RESERVED +CVE-2021-28726 + RESERVED +CVE-2021-28725 + RESERVED +CVE-2021-28724 + RESERVED +CVE-2021-28723 + RESERVED +CVE-2021-28722 + RESERVED +CVE-2021-28721 + RESERVED +CVE-2021-28720 + RESERVED +CVE-2021-28719 + RESERVED +CVE-2021-28718 + RESERVED +CVE-2021-28717 
+ RESERVED +CVE-2021-28716 + RESERVED +CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://xenbits.xen.org/xsa/advisory-392.html +CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://xenbits.xen.org/xsa/advisory-392.html +CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://xenbits.xen.org/xsa/advisory-391.html +CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://xenbits.xen.org/xsa/advisory-391.html +CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...) + {DSA-5050-1} + - linux 5.15.15-1 + NOTE: https://xenbits.xen.org/xsa/advisory-391.html +CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...) + - xen <not-affected> (Only affects 4.15 series) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9 + NOTE: https://xenbits.xen.org/xsa/advisory-390.html +CVE-2021-28709 (issues with partially successful P2M updates on x86 T[his CNA informat ...) + {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-389.html +CVE-2021-28708 (PoD operations on misaligned GFNs T[his CNA information record relates ...) + {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-388.html +CVE-2021-28707 (PoD operations on misaligned GFNs T[his CNA information record relates ...) 
+ {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-388.html +CVE-2021-28706 (guests may exceed their designated memory limit When a guest is permit ...) + {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-385.html +CVE-2021-28705 (issues with partially successful P2M updates on x86 T[his CNA informat ...) + {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-389.html +CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record relates ...) + {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-388.html +CVE-2021-28703 (grant table v2 status pages may remain accessible after de-allocation ...) + - xen 4.14.0+80-gd101b417b7-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-387.html + NOTE: Fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches + NOTE: as a prerequisite of the fix for XSA-378. 4.14.0-1~exp1 was the first version in + NOTE: Debian including the fix. + NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1) +CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...) 
+ {DSA-5017-1} + - xen 4.14.3+32-g9de3671772-1 + [buster] - xen <not-affected> (Vulnerable code introduced later) + [stretch] - xen <not-affected> (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-386.html +CVE-2021-28701 (Another race in XENMAPSPACE_grant_table handling Guests are permitted ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-384.html +CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less feature allow ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <not-affected> (Only affects 4.12 and later) + [stretch] - xen <not-affected> (Only affects 4.12 and later) + NOTE: https://xenbits.xen.org/xsa/advisory-383.html +CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2 grant tabl ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <not-affected> (Only affects 4.10 and later) + NOTE: https://xenbits.xen.org/xsa/advisory-382.html +CVE-2021-28698 (long running loops in grant table handling In order to properly monito ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-380.html +CVE-2021-28697 (grant table v2 status pages may remain accessible after de-allocation ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-379.html +CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-378.html +CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) 
+ {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-378.html +CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record relates ...) + {DSA-4977-1} + - xen 4.14.3-1 + [buster] - xen <end-of-life> (DSA 4677-1) + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-378.html +CVE-2021-28693 (xen/arm: Boot modules are not scrubbed The bootloader will load boot m ...) + - xen 4.14.2+25-gb6a8c4f72d-1 + [buster] - xen <not-affected> (Only affects 4.12 and later) + [stretch] - xen <not-affected> (Only affects 4.12 and later) + NOTE: https://xenbits.xen.org/xsa/advisory-372.html +CVE-2021-28692 (inappropriate x86 IOMMU timeout detection / handling IOMMUs process co ...) + {DSA-4931-1} + - xen 4.14.2+25-gb6a8c4f72d-1 + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-373.html +CVE-2021-28691 (Guest triggered use-after-free in Linux xen-netback A malicious or bug ...) + - linux 5.10.46-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-374.html +CVE-2021-28690 (x86: TSX Async Abort protections not restored after S3 This issue rela ...) + {DSA-4931-1} + - xen 4.14.2+25-gb6a8c4f72d-1 + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-377.html +CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...) + - xen <unfixed> (unimportant) + NOTE: https://xenbits.xen.org/xsa/advisory-370.html + NOTE: Unfixable design/architecture limitation, no fix planned +CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...) 
+ {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://xenbits.xen.org/xsa/advisory-371.html + NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432 +CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) + NOT-FOR-US: ASUS +CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...) + NOT-FOR-US: ASUS +CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows ...) + NOT-FOR-US: ConeXware PowerArchiver +CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...) + NOT-FOR-US: Pion WebRTC +CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...) + NOT-FOR-US: devise_masquerade +CVE-2021-28679 + RESERVED +CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...) + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (bug #989062) + [buster] - pillow <no-dsa> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos + NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1 +CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...) 
+ {DLA-2716-1} + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (bug #989062) + [buster] - pillow <no-dsa> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open + NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92 +CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...) + {DLA-2716-1} + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (bug #989062) + [buster] - pillow <ignored> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos + NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856 +CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...) + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (bug #989062) + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <ignored> (Minor issue, too intrusive to backport) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin + NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497 +CVE-2021-28674 (The node management page in SolarWinds Orion Platform before 2020.2.5 ...) + NOT-FOR-US: SolarWinds +CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...) + NOT-FOR-US: Xerox +CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...) + NOT-FOR-US: Xerox +CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...) + NOT-FOR-US: Xerox +CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...) + NOT-FOR-US: Xerox +CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...) 
+ NOT-FOR-US: Xerox +CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...) + NOT-FOR-US: Xerox +CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...) + NOT-FOR-US: StackStorm +CVE-2021-28666 + RESERVED +CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a me ...) + NOT-FOR-US: Stormshield SNS +CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a denial ...) + NOT-FOR-US: ARM components for Android +CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...) + NOT-FOR-US: ARM components for Android +CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...) + {DSA-4924-1} + - squid 4.13-10 (bug #988891) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch +CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...) + NOT-FOR-US: ilverStripe GraphQL Server +CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...) 
+ {DSA-4875-1} + - openssl 1.1.1k-1 + [stretch] - openssl <not-affected> (Vulnerable code introduced later) + - openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series) + NOTE: https://www.openssl.org/news/secadv/20210325.txt + NOTE: Introduced by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1) + NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7 + NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70 + NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k) + NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0 +CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...) + - xen 4.14.2+25-gb6a8c4f72d-1 + [buster] - xen <not-affected> (Vulnerable code introduced later) + [stretch] - xen <not-affected> (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-368.html +CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...) + {DLA-2689-1 DLA-2610-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7 +CVE-2021-28659 + RESERVED +CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...) 
+ {DLA-2622-1} + - python-django 2:2.2.20-1 (bug #986447) + [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release) + NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/ + NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main) + NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20) +CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...) + - tika <unfixed> (bug #986805) + [bullseye] - tika <no-dsa> (Minor issue) + [buster] - tika <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3 +CVE-2021-28656 + RESERVED +CVE-2021-28655 + RESERVED +CVE-2021-28654 + RESERVED +CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...) + NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD +CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #988892) + - squid3 <removed> + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch +CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #988893) + - squid3 <removed> + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch +CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...) 
+ {DSA-4872-1 DLA-2599-1} + - shibboleth-sp 3.2.1+dfsg1-1 (bug #985405) + - shibboleth-sp2 <removed> + NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt + NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-922 + NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 +CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configured t ...) + - dnsmasq 2.85-1 + [buster] - dnsmasq <postponed> (Revisit once upstream has backported to 2.80) + [stretch] - dnsmasq <postponed> (Probably easier to base the patch on a backported version) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368 + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2 +CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...) + - ansible <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349 + NOTE: check, details on upstream status not yet clear +CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...) + - libtpms 0.8.2-1 (bug #986799) + NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e +CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...) + [experimental] - gnome-autoar 0.3.1-1 + - gnome-autoar 0.4.0-1 (bug #985391) + [bullseye] - gnome-autoar <no-dsa> (Minor issue) + [buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied) + [stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied) + NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4 + NOTE: Issue exists because of an incomplete fix for CVE-2020-36241. 
+ NOTE: Two followup/regression patches: + NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/135053d5d3a0320891cf2e2ad4684b648bb46fc8 + NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/b9590ab77b70e74e9deffd2af6c32908dc3c5aaf +CVE-2021-28649 (An incorrect permission vulnerability in the product installer for Tre ...) + NOT-FOR-US: Trend Micro +CVE-2021-28648 (Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vu ...) + NOT-FOR-US: Trend Micro +CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...) + NOT-FOR-US: Trend Micro +CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...) + NOT-FOR-US: Trend Micro +CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...) + - libdnf 0.55.2-6 (bug #986802) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079 + NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de +CVE-2021-28644 + RESERVED +CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28641 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28640 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28639 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28638 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28637 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-28636 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28635 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-28633 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...) + NOT-FOR-US: Adobe +CVE-2021-28632 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28631 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28630 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28629 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...) + NOT-FOR-US: Adobe +CVE-2021-28628 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) + NOT-FOR-US: Adobe +CVE-2021-28627 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) + NOT-FOR-US: Adobe +CVE-2021-28626 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) + NOT-FOR-US: Adobe +CVE-2021-28625 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...) + NOT-FOR-US: Adobe +CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...) + NOT-FOR-US: Adobe +CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...) + NOT-FOR-US: Adobe +CVE-2021-28622 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28621 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28620 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...) 
+ NOT-FOR-US: Adobe +CVE-2021-28619 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28618 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28617 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28616 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) + NOT-FOR-US: Adobe +CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) + NOT-FOR-US: Adobe +CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) + NOT-FOR-US: Adobe +CVE-2021-28613 (Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is ...) + NOT-FOR-US: Adobe +CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) + NOT-FOR-US: Adobe +CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...) + NOT-FOR-US: Adobe +CVE-2021-28610 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) + NOT-FOR-US: Adobe +CVE-2021-28609 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28608 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) + NOT-FOR-US: Adobe +CVE-2021-28607 (Adobe After Effects version 18.2 (and earlier) is affected by a heap c ...) + NOT-FOR-US: Adobe +CVE-2021-28606 (Adobe After Effects version 18.2 (and earlier) is affected by a Stack- ...) + NOT-FOR-US: Adobe +CVE-2021-28605 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-28604 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) + NOT-FOR-US: Adobe +CVE-2021-28603 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...) 
+ NOT-FOR-US: Adobe +CVE-2021-28602 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-28601 (Adobe After Effects version 18.2 (and earlier) is affected by a Null p ...) + NOT-FOR-US: Adobe +CVE-2021-28600 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28599 + RESERVED +CVE-2021-28598 + RESERVED +CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...) + NOT-FOR-US: Adobe +CVE-2021-28596 (Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earl ...) + NOT-FOR-US: Adobe +CVE-2021-28595 (Adobe Dimension version 3.4 (and earlier) is affected by an Uncontroll ...) + NOT-FOR-US: Adobe +CVE-2021-28594 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...) + NOT-FOR-US: Adobe +CVE-2021-28593 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use Af ...) + NOT-FOR-US: Adobe +CVE-2021-28592 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28591 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28590 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28589 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) 
+ NOT-FOR-US: Magento +CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28582 + RESERVED +CVE-2021-28581 (Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncon ...) + NOT-FOR-US: Adobe +CVE-2021-28580 (Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffe ...) + NOT-FOR-US: Adobe +CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...) + NOT-FOR-US: Adobe +CVE-2021-28578 + RESERVED +CVE-2021-28577 + RESERVED +CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-28572 + RESERVED +CVE-2021-28571 (Adobe After Effects version 18.1 (and earlier) is affected by a potent ...) + NOT-FOR-US: Adobe +CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...) + NOT-FOR-US: Adobe +CVE-2021-28569 (Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-o ...) + NOT-FOR-US: Adobe +CVE-2021-28568 (Adobe Genuine Services version 7.1 (and earlier) is affected by an Ins ...) + NOT-FOR-US: Adobe +CVE-2021-28567 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28566 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-28547 (Adobe Creative Cloud Desktop Application for macOS version 5.3 (and ea ...) 
+ NOT-FOR-US: Adobe +CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-28544 + RESERVED +CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...) + - varnish-modules <not-affected> (Vulnerable code ot present; bug #985947) + NOTE: https://varnish-cache.org/security/VSV00006.html + NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/2c120e576ebb73bc247790184702ba58dc0afc39 (0.18.0) + NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/71a1f1383158cc1c1cb3ab2b4d3ff93b044902f5 (0.17.1) + NOTE: Introduced by: https://github.com/varnish/varnish-modules/commit/b4d5927a2fbba31b1213225138f8432572414a24 (0.17.0) +CVE-2021-28542 + RESERVED +CVE-2021-28541 + RESERVED +CVE-2021-28540 + RESERVED +CVE-2021-28539 + RESERVED +CVE-2021-28538 + RESERVED +CVE-2021-28537 + RESERVED +CVE-2021-28536 + RESERVED +CVE-2021-28535 + RESERVED +CVE-2021-28534 + RESERVED +CVE-2021-28533 + RESERVED +CVE-2021-28532 + RESERVED +CVE-2021-28531 + RESERVED +CVE-2021-28530 + RESERVED +CVE-2021-28529 + RESERVED +CVE-2021-28528 + RESERVED +CVE-2021-28527 + RESERVED +CVE-2021-28526 + RESERVED +CVE-2021-28525 + RESERVED +CVE-2021-28524 + RESERVED +CVE-2021-28523 + RESERVED +CVE-2021-28522 + RESERVED +CVE-2021-28521 + RESERVED +CVE-2021-28520 + RESERVED +CVE-2021-28519 + RESERVED +CVE-2021-28518 + RESERVED +CVE-2021-28517 + RESERVED +CVE-2021-28516 + RESERVED +CVE-2021-28515 + RESERVED +CVE-2021-28514 + RESERVED +CVE-2021-28513 + RESERVED +CVE-2021-28512 + RESERVED +CVE-2021-28511 + RESERVED +CVE-2021-28510 + RESERVED +CVE-2021-28509 + RESERVED +CVE-2021-28508 + RESERVED +CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...) 
+ NOT-FOR-US: Arista +CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...) + NOT-FOR-US: Arista +CVE-2021-28505 + RESERVED +CVE-2021-28504 + RESERVED +CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...) + NOT-FOR-US: Arista +CVE-2021-28502 + RESERVED +CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...) + NOT-FOR-US: Arista +CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...) + NOT-FOR-US: Arista +CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected release v ...) + NOT-FOR-US: Arista +CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...) + NOT-FOR-US: Arista +CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...) + {DLA-2785-1} + - linux 5.10.19-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2 +CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, an ...) + NOT-FOR-US: Unisys Stealth +CVE-2021-28491 + RESERVED +CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cook ...) 
+ NOT-FOR-US: OWASP CSRFGuard +CVE-2021-28489 + RESERVED +CVE-2021-28488 + RESERVED +CVE-2021-28487 + RESERVED +CVE-2021-28486 + RESERVED +CVE-2021-28485 + RESERVED +CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...) + NOT-FOR-US: yubihsm-connector +CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/269 + NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b +CVE-2021-3442 + RESERVED + NOT-FOR-US: Red Hat OpenShift API Management +CVE-2021-28483 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-28482 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28471 (Remote Development Extension for Visual Studio Code Remote Code Execut ...) + NOT-FOR-US: Microsoft +CVE-2021-28470 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...) + NOT-FOR-US: Microsoft +CVE-2021-28469 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28468 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28467 + RESERVED +CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28463 + RESERVED +CVE-2021-28462 + RESERVED +CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28458 (Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...) + NOT-FOR-US: Microsoft +CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28452 (Microsoft Outlook Memory Corruption Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28451 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-28450 (Microsoft SharePoint Denial of Service Update ...) + NOT-FOR-US: Microsoft +CVE-2021-28449 (Microsoft Office Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28448 (Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-28447 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-28446 (Windows Portmapping Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28445 (Windows Network File System Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28444 (Windows Hyper-V Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28443 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28442 (Windows TCP/IP Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28441 (Windows Hyper-V Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28440 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28439 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-28438 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-28437 (Windows Installer Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28436 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2021-28435 (Windows Event Tracing Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28434 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28433 + RESERVED +CVE-2021-28432 + RESERVED +CVE-2021-28431 + RESERVED +CVE-2021-28430 + RESERVED +CVE-2021-28429 + RESERVED +CVE-2021-28428 + RESERVED +CVE-2021-28427 + RESERVED +CVE-2021-28426 + RESERVED +CVE-2021-28425 + RESERVED +CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...) + NOT-FOR-US: Teachers Record Management +CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...) + NOT-FOR-US: Teachers Record Management +CVE-2021-28422 + RESERVED +CVE-2021-28421 + REJECTED +CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) + NOT-FOR-US: Seo Panel +CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...) + NOT-FOR-US: Seo Panel +CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) + NOT-FOR-US: Seo Panel +CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...) + NOT-FOR-US: Seo Panel +CVE-2021-28416 + RESERVED +CVE-2021-28415 + RESERVED +CVE-2021-28414 + RESERVED +CVE-2021-28413 + RESERVED +CVE-2021-28412 + RESERVED +CVE-2021-28411 + RESERVED +CVE-2021-28410 + RESERVED +CVE-2021-28409 + RESERVED +CVE-2021-28408 + RESERVED +CVE-2021-28407 + RESERVED +CVE-2021-28406 + RESERVED +CVE-2021-28405 + RESERVED +CVE-2021-28404 + RESERVED +CVE-2021-28403 + RESERVED +CVE-2021-28402 + RESERVED +CVE-2021-28401 + RESERVED +CVE-2021-28400 + RESERVED +CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...) 
+ NOT-FOR-US: OrangeHRM +CVE-2021-28398 + RESERVED +CVE-2021-28397 + RESERVED +CVE-2021-28396 + RESERVED +CVE-2021-28395 + RESERVED +CVE-2021-28394 + RESERVED +CVE-2021-28393 + RESERVED +CVE-2021-28392 + RESERVED +CVE-2021-28391 + RESERVED +CVE-2021-28390 + RESERVED +CVE-2021-28389 + RESERVED +CVE-2021-28388 + RESERVED +CVE-2021-28387 + RESERVED +CVE-2021-28386 + RESERVED +CVE-2021-28385 + RESERVED +CVE-2021-28384 + RESERVED +CVE-2021-28383 + RESERVED +CVE-2021-28382 (Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on th ...) + NOT-FOR-US: Zoho +CVE-2021-28381 (The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 ...) + NOT-FOR-US: vhs (aka VHS: Fluid ViewHelpers) extension for TYPO3 +CVE-2021-28380 (The aimeos (aka Aimeos shop and e-commerce framework) extension before ...) + NOT-FOR-US: aimeos (aka Aimeos shop and e-commerce framework) extension for TYPO3 +CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...) + NOT-FOR-US: Vesta Control Panel +CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...) + - gitea <removed> +CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...) + NOT-FOR-US: ChronoForums +CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...) + NOT-FOR-US: ChronoForums +CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...) + - tt-rss <not-affected> (Vulnerable code introduced later) + NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502 + NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32 + NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2 +CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...) 
+ NOT-FOR-US: ThroughTek +CVE-2021-28371 + RESERVED +CVE-2021-28370 + RESERVED +CVE-2021-28369 + RESERVED +CVE-2021-28368 + RESERVED +CVE-2021-28367 + RESERVED +CVE-2021-28366 + RESERVED +CVE-2021-28365 + RESERVED +CVE-2021-28364 + RESERVED +CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...) + - python-urllib3 1.26.4-1 + [buster] - python-urllib3 <not-affected> (Vulnerable code introduced later) + [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r + NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 (1.26.4) + NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0. + NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3) + NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872). +CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...) + NOT-FOR-US: Contiki +CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...) + NOT-FOR-US: Storage Performance Development Kit +CVE-2021-28360 + RESERVED +CVE-2021-28359 (The "origin" parameter passed to some of the endpoints like '/trigger' ...) + - airflow <itp> (bug #819700) +CVE-2021-28358 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28357 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28356 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28355 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28354 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28353 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28352 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28351 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2021-28350 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28349 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28348 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28347 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2021-28346 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28345 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28344 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28343 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28342 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28341 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28340 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28339 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28338 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28337 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28336 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28335 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28334 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28333 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28332 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28331 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28330 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28329 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28328 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28327 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-28326 (Windows AppX Deployment Server Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28325 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28324 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28323 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-28322 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-28321 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-28320 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-28319 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-28318 (Windows GDI+ Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28317 (Microsoft Windows Codecs Library Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28316 (Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28315 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-28314 (Windows Hyper-V Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28313 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-28311 (Windows Application Compatibility Cache Denial of Service Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-28310 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-28309 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) + NOT-FOR-US: Rust craste fltk +CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) + NOT-FOR-US: Rust craste fltk +CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...) + NOT-FOR-US: Rust craste fltk +CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...) + - rust-diesel <unfixed> (bug #987275) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html +CVE-2021-28304 + RESERVED +CVE-2021-28303 + RESERVED +CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...) 
+ - pupnp-1.8 <unfixed> (bug #986833) + [bullseye] - pupnp-1.8 <no-dsa> (Minor issue) + [buster] - pupnp-1.8 <no-dsa> (Minor issue) + - libupnp <removed> + [stretch] - libupnp <no-dsa> (Minor issue) + NOTE: https://github.com/pupnp/pupnp/issues/249 +CVE-2021-28301 + RESERVED +CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrac ...) + - gpac 1.0.1+dfsg1-4 (bug #987020) + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <postponed> (Minor issue; can be fixed in next update) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1702 + NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca +CVE-2021-28299 + RESERVED +CVE-2021-28298 + RESERVED +CVE-2021-28297 + RESERVED +CVE-2021-28296 + RESERVED +CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL inject ...) + NOT-FOR-US: Online Ordering System +CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...) + NOT-FOR-US: Online Ordering System +CVE-2021-28293 (Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated ...) + NOT-FOR-US: Seceon aiSIEM +CVE-2021-28292 + RESERVED +CVE-2021-28291 + RESERVED +CVE-2021-28290 + RESERVED +CVE-2021-28289 + RESERVED +CVE-2021-28288 + RESERVED +CVE-2021-28287 + RESERVED +CVE-2021-28286 + RESERVED +CVE-2021-28285 + RESERVED +CVE-2021-28284 + RESERVED +CVE-2021-28283 + RESERVED +CVE-2021-28282 + RESERVED +CVE-2021-28281 + RESERVED +CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2021-28279 + RESERVED +CVE-2021-28278 + RESERVED +CVE-2021-28277 + RESERVED +CVE-2021-28276 + RESERVED +CVE-2021-28275 + RESERVED +CVE-2021-28274 + RESERVED +CVE-2021-28273 + RESERVED +CVE-2021-28272 + RESERVED +CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of ...) + NOT-FOR-US: Soyal Technologies SOYAL 701Server +CVE-2021-28270 + RESERVED +CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions ...) + NOT-FOR-US: Soyal Technology 701Client +CVE-2021-28268 + RESERVED +CVE-2021-28267 + RESERVED +CVE-2021-28266 + RESERVED +CVE-2021-28265 + RESERVED +CVE-2021-28264 + RESERVED +CVE-2021-28263 + RESERVED +CVE-2021-28262 + RESERVED +CVE-2021-28261 + RESERVED +CVE-2021-28260 + RESERVED +CVE-2021-28259 + RESERVED +CVE-2021-28258 + RESERVED +CVE-2021-28257 + RESERVED +CVE-2021-28256 + RESERVED +CVE-2021-28255 + RESERVED +CVE-2021-28254 + RESERVED +CVE-2021-28253 + RESERVED +CVE-2021-28252 + RESERVED +CVE-2021-28251 + RESERVED +CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + NOT-FOR-US: CA eHealth Performance Manager +CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + NOT-FOR-US: CA eHealth Performance Manager +CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + NOT-FOR-US: CA eHealth Performance Manager +CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + NOT-FOR-US: CA eHealth Performance Manager +CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...) + NOT-FOR-US: CA eHealth Performance Manager +CVE-2021-28245 (PbootCMS 3.0.4 contains a SQL injection vulnerability through index.ph ...) + NOT-FOR-US: PbootCMS +CVE-2021-28244 + RESERVED +CVE-2021-28243 + RESERVED +CVE-2021-28242 (SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stab ...) 
+ NOT-FOR-US: b2evolution CMS +CVE-2021-28241 + RESERVED +CVE-2021-28240 + RESERVED +CVE-2021-28239 + RESERVED +CVE-2021-28238 + RESERVED +CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via ...) + - libredwg <itp> (bug #595191) +CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...) + - libredwg <itp> (bug #595191) +CVE-2021-28235 + RESERVED +CVE-2021-28234 + RESERVED +CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...) + NOT-FOR-US: ok-file-formats +CVE-2021-28232 + RESERVED +CVE-2021-28231 + RESERVED +CVE-2021-28230 + RESERVED +CVE-2021-28229 + RESERVED +CVE-2021-28228 + RESERVED +CVE-2021-28227 + RESERVED +CVE-2021-28226 + RESERVED +CVE-2021-28225 + RESERVED +CVE-2021-28224 + RESERVED +CVE-2021-28223 + RESERVED +CVE-2021-28222 + RESERVED +CVE-2021-28221 + RESERVED +CVE-2021-28220 + RESERVED +CVE-2021-28219 + RESERVED +CVE-2021-28218 + RESERVED +CVE-2021-28217 + RESERVED +CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...) + NOT-FOR-US: HP +CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...) + NOT-FOR-US: HP +CVE-2021-3439 + RESERVED +CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...) + NOT-FOR-US: HP LaserJet products and Samsung product printers +CVE-2021-3437 + RESERVED +CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...) 
+ - edk2 <unfixed> + [bullseye] - edk2 <no-dsa> (Minor issue) + [buster] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <no-dsa> (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957 +CVE-2021-28215 + RESERVED +CVE-2021-28214 + RESERVED +CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...) + - edk2 0~20190606.20d2e5a1-2 (bug #989988; unimportant) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866 + NOTE: IpSecDxe code not built. +CVE-2021-28212 + RESERVED +CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...) + {DLA-2645-1} + - edk2 2020.11-1 + [buster] - edk2 <no-dsa> (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816 + NOTE: https://github.com/tianocore/edk2/pull/1138 + NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0 +CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...) + {DLA-2645-1} + - edk2 2020.11-1 + [buster] - edk2 <no-dsa> (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743 + NOTE: https://github.com/tianocore/edk2/pull/1137 + NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919 +CVE-2021-28209 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28208 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28207 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28206 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28205 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28204 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28203 (The Web Set Media Image function in ASUS BMC’s firmware Web mana ...) 
+ NOT-FOR-US: ASUS +CVE-2021-28202 (The Service configuration-2 function in ASUS BMC’s firmware Web ...) + NOT-FOR-US: ASUS +CVE-2021-28201 (The Service configuration-1 function in ASUS BMC’s firmware Web ...) + NOT-FOR-US: ASUS +CVE-2021-28200 (The CD media configuration function in ASUS BMC’s firmware Web m ...) + NOT-FOR-US: ASUS +CVE-2021-28199 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMC’s firmw ...) + NOT-FOR-US: ASUS +CVE-2021-28197 (The Active Directory configuration function in ASUS BMC’s firmwa ...) + NOT-FOR-US: ASUS +CVE-2021-28196 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28195 (The Radius configuration function in ASUS BMC’s firmware Web man ...) + NOT-FOR-US: ASUS +CVE-2021-28194 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28193 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...) + NOT-FOR-US: ASUS +CVE-2021-28192 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28191 (The Firmware update function in ASUS BMC’s firmware Web manageme ...) + NOT-FOR-US: ASUS +CVE-2021-28190 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28189 (The SMTP configuration function in ASUS BMC’s firmware Web manag ...) + NOT-FOR-US: ASUS +CVE-2021-28188 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28187 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28186 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28185 (The specific function in ASUS BMC’s firmware Web management page ...) 
+ NOT-FOR-US: ASUS +CVE-2021-28184 (The Active Directory configuration function in ASUS BMC’s firmwa ...) + NOT-FOR-US: ASUS +CVE-2021-28183 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28182 (The Web Service configuration function in ASUS BMC’s firmware We ...) + NOT-FOR-US: ASUS +CVE-2021-28181 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28180 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28179 (The specific function in ASUS BMC’s firmware Web management page ...) + NOT-FOR-US: ASUS +CVE-2021-28178 (The UEFI configuration function in ASUS BMC’s firmware Web manag ...) + NOT-FOR-US: ASUS +CVE-2021-28177 (The LDAP configuration function in ASUS BMC’s firmware Web manag ...) + NOT-FOR-US: ASUS +CVE-2021-28176 (The DNS configuration function in ASUS BMC’s firmware Web manage ...) + NOT-FOR-US: ASUS +CVE-2021-28175 (The Radius configuration function in ASUS BMC’s firmware Web man ...) + NOT-FOR-US: ASUS +CVE-2021-28174 (Mitake smart stock selection system contains a broken authentication v ...) + NOT-FOR-US: Mitake smart stock selection system +CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...) + NOT-FOR-US: Vangene deltaFlow E-platform +CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...) + NOT-FOR-US: Vangene deltaFlow E-platform +CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...) + NOT-FOR-US: Vangene deltaFlow E-platform +CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...) 
+ - jakarta-el-api <unfixed> (unimportant; bug #989259) + NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155 + NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/ + NOTE: Only affects the EL reference implementation which isn't built into the binary packages +CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...) + {DSA-4949-1 DLA-2688-1} + - jetty9 9.4.39-2 (bug #989999) + - jetty8 <removed> + - jetty <removed> + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq + NOTE: https://github.com/eclipse/jetty.project/issues/6263 + NOTE: https://github.com/eclipse/jetty.project/commit/1c05b0bcb181c759e98b060bded0b9376976b055 (v9.4.41) +CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...) + NOT-FOR-US: Eclipse Jersey +CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...) + NOT-FOR-US: Eclipse OpenJ9 +CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...) + - mosquitto 2.0.10-1 (bug #986701) + [bullseye] - mosquitto <no-dsa> (Minor issue) + [buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0) + [stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608 +CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...) 
+ {DSA-4949-1} + - jetty9 9.4.39-1 + [stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code) + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w + NOTE: https://github.com/eclipse/jetty.project/issues/6072 + NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412 (jetty-9.4.x) + NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879 (jetty-9.4.x) +CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...) + - jetty9 9.4.39-1 + [buster] - jetty9 <not-affected> (Vulnerable code introduced later) + [stretch] - jetty9 <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 + NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83 + NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/20ef71fe5d709a90c2a5698834fff07b9b4e7ad7 (jetty-9.4.37.v20210219) +CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...) + - jetty9 9.4.39-1 + [buster] - jetty9 <not-affected> (Vulnerable code was introduced later) + [stretch] - jetty9 <not-affected> (Vulnerable code introduced in 9.4.32 according to upstream advisory, reproducer no-op) + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq + NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633 +CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...) + NOT-FOR-US: Eclipse Theia +CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...) + NOT-FOR-US: Eclipse Theia +CVE-2021-28160 (Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected ...) 
+ NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater +CVE-2021-28159 + RESERVED +CVE-2021-28158 + RESERVED +CVE-2021-28157 (An SQL Injection issue in Devolutions Server before 2021.1 and Devolut ...) + NOT-FOR-US: Devolutions Server +CVE-2021-28156 (HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...) + - consul <not-affected> (Only affects Enterprise version) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950492 + NOTE: https://github.com/hashicorp/consul/pull/10030 +CVE-2021-28155 (The Bluetooth Classic implementation on JBL TUNE500BT devices does not ...) + NOT-FOR-US: JBL TUNE500BT +CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...) + NOT-FOR-US: Camunda Modeler +CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows ...) + NOT-FOR-US: Hongdian H8922 3.0.5 devices +CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...) + NOT-FOR-US: Hongdian H8922 3.0.5 devices +CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...) + NOT-FOR-US: Hongdian H8922 3.0.5 devices +CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...) + NOT-FOR-US: Hongdian H8922 3.0.5 devices +CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...) + - grafana <removed> +CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...) + - grafana <removed> +CVE-2021-28146 (The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...) + - grafana <removed> +CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...) 
+ - glib2.0 2.66.7-2 (bug #984969) + [buster] - glib2.0 2.58.3-2+deb10u3 + [stretch] - glib2.0 <postponed> (Minor issue, directory traversal exploitable in file-roller) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325 +CVE-2021-3435 + RESERVED +CVE-2021-3434 + RESERVED +CVE-2021-3433 + RESERVED +CVE-2021-3432 + RESERVED +CVE-2021-3431 + RESERVED +CVE-2021-3430 + RESERVED +CVE-2021-3429 + RESERVED + {DLA-2601-1} + - cloud-init 20.4.1-2 (bug #985540) + [buster] - cloud-init 20.2-2~deb10u2 + NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 +CVE-2021-3428 [integer overflow in ext4_es_cache_extent] + RESERVED + {DLA-2689-1 DLA-2610-1} + - linux 5.8.7-1 + [buster] - linux 4.19.181-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485 +CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...) + NOT-FOR-US: Concrete CMS +CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...) + NOT-FOR-US: D-Link +CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...) + NOT-FOR-US: D-Link +CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...) + NOT-FOR-US: CITSmart +CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...) + NOT-FOR-US: Telerik +CVE-2021-28140 + RESERVED +CVE-2021-28139 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) + NOT-FOR-US: Espressif +CVE-2021-28138 + RESERVED +CVE-2021-28137 + RESERVED +CVE-2021-28136 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) + NOT-FOR-US: Espressif +CVE-2021-28135 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...) + NOT-FOR-US: Espressif +CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. 
A remote attacke ...) + NOT-FOR-US: Clipper +CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...) + NOT-FOR-US: Zoom +CVE-2021-3427 + RESERVED +CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated ...) + NOT-FOR-US: LUCY Security Awareness Software +CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...) + NOT-FOR-US: Apache Impala +CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...) + NOT-FOR-US: Dr.Web Firewall +CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...) + NOT-FOR-US: Strapi +CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...) + NOT-FOR-US: Stormshield SNS +CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...) + NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) +CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...) + NOT-FOR-US: Apache Superset +CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...) + NOT-FOR-US: Cohesity DataPlatform support channel +CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity DataP ...) + NOT-FOR-US: Cohesity DataPlatform +CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...) + NOT-FOR-US: Open5GS +CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...) + NOT-FOR-US: Virtual Robots.txt +CVE-2021-28120 + RESERVED +CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...) + NOT-FOR-US: Twinkle Tray +CVE-2021-28118 + RESERVED +CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...) 
+ - plasma-discover 5.20.5-3 + [buster] - plasma-discover <not-affected> (Vulnerable code introduced later) + [stretch] - plasma-discover <not-affected> (Vulnerable code introduced later) + NOTE: https://kde.org/info/security/advisory-20210310-1.txt + NOTE: Introduced in: https://invent.kde.org/plasma/discover/8bea95730eabb439b0528da01fb1e0cc6fe179b7 + NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60 + NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356 +CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...) + - squid 5.2-1 (bug #986804) + [bullseye] - squid <postponed> (Minor issue) + [buster] - squid <postponed> (Minor issue) + - squid3 <removed> + [stretch] - squid3 <postponed> (Check later when information is public) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/ + NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/04/1 + NOTE: Squid4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch + NOTE: Squid5: http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch +CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...) + NOT-FOR-US: MyBB addon +CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...) + NOT-FOR-US: Froala WYSIWYG Editor +CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...) + NOT-FOR-US: Okta Access Gateway +CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...) + NOT-FOR-US: Draeger X-Dock Firmware +CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...) + NOT-FOR-US: Draeger X-Dock Firmware +CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...) 
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG) +CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...) + NOT-FOR-US: TranzWare (POI) FIMI +CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier Authent ...) + {DLA-2625-1} + - courier-authlib 0.71.1-2 (bug #984810) + [buster] - courier-authlib <no-dsa> (Minor issue) + NOTE: Re-introduction of #378571 while migrating from debian/permissions to + NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2. +CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...) + {DLA-2619-1} + [experimental] - python3.9 3.9.3-1 + - python3.9 3.9.7-1 + [bullseye] - python3.9 <no-dsa> (Minor issue) + - python3.7 <removed> + [buster] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + - python2.7 <not-affected> (Vulnerable code not present) + - pypy3 7.3.3+dfsg-4 + [buster] - pypy3 <no-dsa> (Minor issue) + NOTE: https://bugs.python.org/issue42988 + NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048 + NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html + NOTE: https://github.com/python/cpython/pull/24337 + NOTE: https://github.com/python/cpython/pull/24285 +CVE-2021-3425 (A flaw was found in the AMQ Broker that discloses JDBC encrypted usern ...) + NOT-FOR-US: Red Hat AMQ Broker +CVE-2021-28108 + RESERVED +CVE-2021-28107 + RESERVED +CVE-2021-28106 + RESERVED +CVE-2021-28105 + RESERVED +CVE-2021-28104 + RESERVED +CVE-2021-28103 + RESERVED +CVE-2021-28102 + RESERVED +CVE-2021-28101 + RESERVED +CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...) + NOT-FOR-US: Priam +CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...) + NOT-FOR-US: Hollow +CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...) 
+ NOT-FOR-US: Forescout CounterACT +CVE-2021-28097 + RESERVED +CVE-2021-28096 (An issue was discovered in Stormshield SNS before 4.2.3 (when the prox ...) + NOT-FOR-US: Stormshield SNS +CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...) + NOT-FOR-US: OX Documents +CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...) + NOT-FOR-US: OX Documents +CVE-2021-28093 (OX Documents before 7.10.5-rev5 has Incorrect Access Control of conver ...) + NOT-FOR-US: OX Documents +CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...) + NOT-FOR-US: Node is-svg +CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...) + NOT-FOR-US: Keycloak +CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of a crypt ...) + {DSA-4926-1 DLA-2684-1} + - lasso 2.6.1-3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089 + NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html + NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html + NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a +CVE-2021-28090 (Tor before 0.4.5.7 allows a remote attacker to cause Tor directory aut ...) + {DSA-4871-1} + - tor 0.4.5.7-1 + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2009 + NOTE: https://bugs.torproject.org/tpo/core/tor/40316 +CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor directory pr ...) + {DSA-4871-1} + - tor 0.4.5.7-1 + [stretch] - tor <end-of-life> (See DSA 4644) + NOTE: https://blog.torproject.org/node/2009 + NOTE: https://bugs.torproject.org/tpo/core/tor/40286 +CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...) 
+ {DSA-4868-1} + - flatpak 1.10.1-4 (bug #984859) + [stretch] - flatpak <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/flatpak/flatpak/issues/4146 + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp +CVE-2021-28088 (Cross-site scripting (XSS) in modules/content/admin/content.php in Imp ...) + NOT-FOR-US: ImpressCMS +CVE-2021-28087 + RESERVED +CVE-2021-28086 + RESERVED +CVE-2021-28085 + RESERVED +CVE-2021-28084 + RESERVED +CVE-2021-28083 + RESERVED +CVE-2021-28082 + RESERVED +CVE-2021-28081 + RESERVED +CVE-2021-28080 + RESERVED +CVE-2021-28079 (Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...) + NOT-FOR-US: Jamovi +CVE-2021-28078 + RESERVED +CVE-2021-28077 + RESERVED +CVE-2021-28076 + RESERVED +CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...) + NOT-FOR-US: iKuaiOS +CVE-2021-28074 + RESERVED +CVE-2021-28073 + RESERVED +CVE-2021-28072 + RESERVED +CVE-2021-28071 + RESERVED +CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0 ...) + NOT-FOR-US: PopojiCMS +CVE-2021-28069 + RESERVED +CVE-2021-28068 + RESERVED +CVE-2021-28067 + RESERVED +CVE-2021-28066 + RESERVED +CVE-2021-28065 + RESERVED +CVE-2021-28064 + RESERVED +CVE-2021-28063 + RESERVED +CVE-2021-28062 + RESERVED +CVE-2021-28061 + RESERVED +CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...) + NOT-FOR-US: Group Office +CVE-2021-28059 + RESERVED +CVE-2021-28058 + RESERVED +CVE-2021-28057 + RESERVED +CVE-2021-28056 + RESERVED +CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) + - centreon-web <itp> (bug #913903) +CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) + - centreon-web <itp> (bug #913903) +CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...) 
+ - centreon-web <itp> (bug #913903) +CVE-2021-28052 + RESERVED +CVE-2021-28051 + RESERVED +CVE-2021-28050 + RESERVED +CVE-2021-28049 + RESERVED +CVE-2021-28048 (An overly permissive CORS policy in Devolutions Server before 2021.1 a ...) + NOT-FOR-US: Devolutions Server +CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2021-28046 + RESERVED +CVE-2021-28045 + RESERVED +CVE-2021-28044 + RESERVED +CVE-2021-28043 + RESERVED +CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...) + NOT-FOR-US: Deutsche Post Mailoptimizer +CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...) + NOT-FOR-US: Bitdefender +CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...) + - openssh 1:8.4p1-5 (bug #984940) + [buster] - openssh <not-affected> (Vulnerable code introduced later) + [stretch] - openssh <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/03/1 + NOTE: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db + NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig +CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...) + - ossec-hids <itp> (bug #361954) +CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...) + NOT-FOR-US: Rust crate internment +CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...) + NOT-FOR-US: Rust crate quinn +CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) + NOT-FOR-US: Rust crate stack_dst +CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...) 
+ NOT-FOR-US: Rust crate stack_dst +CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...) + NOT-FOR-US: Rust crate byte_struct +CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...) + NOT-FOR-US: Rust crate nano_arena +CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...) + NOT-FOR-US: Rust crate scratchpad +CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...) + NOT-FOR-US: Rust crate truetype +CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...) + NOT-FOR-US: Rust crate toodee +CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...) + NOT-FOR-US: Rust crate toodee +CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...) + NOT-FOR-US: Rust crate bam +CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) + - jpeg-xl <itp> (bug #948862) +CVE-2021-28025 + RESERVED +CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...) + NOT-FOR-US: ServiceTonic +CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...) + NOT-FOR-US: ServiceTonic +CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...) + NOT-FOR-US: ServiceTonic +CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...) 
+ - libstb <undetermined> + NOTE: https://github.com/nothings/stb/issues/1108 + NOTE: https://github.com/nothings/stb/commit/86b7570cfba845e8209c6aec2d15e487bb1d8bb4 + TODO: check libstb itself, and various packages embedd a copy +CVE-2021-28020 + RESERVED +CVE-2021-28019 + RESERVED +CVE-2021-28018 + RESERVED +CVE-2021-28017 + RESERVED +CVE-2021-28016 + RESERVED +CVE-2021-28015 + RESERVED +CVE-2021-28014 + RESERVED +CVE-2021-28013 + RESERVED +CVE-2021-28012 + RESERVED +CVE-2021-28011 + RESERVED +CVE-2021-28010 + RESERVED +CVE-2021-28009 + RESERVED +CVE-2021-28008 + RESERVED +CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...) + NOT-FOR-US: Web Based Quiz System +CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...) + NOT-FOR-US: Web Based Quiz System +CVE-2021-28005 + RESERVED +CVE-2021-28004 + RESERVED +CVE-2021-28003 + RESERVED +CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered in the ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the Comments pa ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered in Loca ...) + NOT-FOR-US: Local Services Search Engine Management System Project +CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid parameter i ...) + NOT-FOR-US: Local Services Search Engine Management System Project +CVE-2021-27998 + RESERVED +CVE-2021-27997 + RESERVED +CVE-2021-27996 + RESERVED +CVE-2021-27995 + RESERVED +CVE-2021-27994 + RESERVED +CVE-2021-27993 + RESERVED +CVE-2021-27992 + RESERVED +CVE-2021-27991 + RESERVED +CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...) + NOT-FOR-US: Appspace +CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...) 
+ NOT-FOR-US: Appspace +CVE-2021-27988 + RESERVED +CVE-2021-27987 + RESERVED +CVE-2021-27986 + RESERVED +CVE-2021-27985 + RESERVED +CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...) + NOT-FOR-US: Pluck CMS +CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...) + NOT-FOR-US: MaxSite CMS +CVE-2021-27982 + RESERVED +CVE-2021-27981 + RESERVED +CVE-2021-27980 + RESERVED +CVE-2021-27979 + RESERVED +CVE-2021-27978 + RESERVED +CVE-2021-27977 + RESERVED +CVE-2021-27976 + RESERVED +CVE-2021-27975 + RESERVED +CVE-2021-27974 + RESERVED +CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language paramete ...) + - piwigo <removed> +CVE-2021-27972 + RESERVED +CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injec ...) + NOT-FOR-US: Alps Alpine Touchpad Driver +CVE-2021-27970 + RESERVED +CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...) + NOT-FOR-US: Dolphin CMS +CVE-2021-27968 + RESERVED +CVE-2021-27967 + RESERVED +CVE-2021-27966 + RESERVED +CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) + NOT-FOR-US: MSI Dragon Center +CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) + NOT-FOR-US: SonLogger +CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...) + NOT-FOR-US: SonLogger +CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...) + - grafana <removed> +CVE-2021-27961 + RESERVED +CVE-2021-27960 + RESERVED +CVE-2021-27959 + RESERVED +CVE-2021-27958 + RESERVED +CVE-2021-27957 + RESERVED +CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-27955 + RESERVED +CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...) 
+ NOT-FOR-US: ecobee3 +CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...) + NOT-FOR-US: ecobee3 +CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...) + NOT-FOR-US: ecobee3 +CVE-2021-27951 + RESERVED +CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...) + NOT-FOR-US: Sita AzurCMS +CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom mo ...) + NOT-FOR-US: MyBB +CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (is ...) + NOT-FOR-US: MyBB +CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum f ...) + NOT-FOR-US: MyBB +CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...) + NOT-FOR-US: MyBB +CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...) + NOT-FOR-US: Squirro Insights Engine +CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...) + - linux 5.10.24-1 (unimportant) + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-369.html +CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://xenbits.xen.org/xsa/advisory-367.html +CVE-2021-3422 + RESERVED +CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...) + - rpm 4.16.1.2+dfsg1-1 (bug #985308) + [buster] - rpm <no-dsa> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747 +CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...) 
+ NOT-FOR-US: Vizio +CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...) + NOT-FOR-US: Vizio +CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...) + NOT-FOR-US: Vizio +CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...) + NOT-FOR-US: eWeLink mobile application +CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...) + NOT-FOR-US: openark +CVE-2021-27939 + RESERVED +CVE-2021-27938 (A vulnerability has been identified in the Silverstripe CMS 3 and 4 ve ...) + NOT-FOR-US: Silverstripe CMS +CVE-2021-27937 + RESERVED +CVE-2021-27936 + RESERVED +CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker able to ...) + NOT-FOR-US: AdGuard +CVE-2021-27934 + RESERVED +CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...) + NOT-FOR-US: pfSense +CVE-2021-27932 + RESERVED +CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...) + NOT-FOR-US: LumisXP (aka Lumis Experience Platform) +CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...) + NOT-FOR-US: IrisNext +CVE-2021-27929 + RESERVED +CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...) + {DLA-2605-1} + - mariadb-10.5 1:10.5.9-1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.29-0+deb10u1 + - mariadb-10.1 <removed> + NOTE: https://jira.mariadb.org/browse/MDEV-25179 + NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27 +CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...) 
+ - zabbix 1:5.0.8+dfsg-1 + [buster] - zabbix <no-dsa> (Minor issue) + [stretch] - zabbix <not-affected> (Vulnerable code introduced later) + NOTE: https://support.zabbix.com/browse/ZBX-18942 + NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0) +CVE-2021-27926 + RESERVED +CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...) + NOT-FOR-US: Couchbase Server +CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...) + NOT-FOR-US: Couchbase Server +CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) + - pillow 8.1.2-1 + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html + NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 +CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) + - pillow 8.1.2-1 + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html + NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 +CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) 
+ - pillow 8.1.2-1 + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html + NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973 + NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/adaa70357662a11cd4b7c0beddaad4e92164c5d9 (5.1.0) +CVE-2021-27920 + RESERVED +CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...) + - golang-1.16 1.16.3-1 + - golang-1.15 <not-affected> (Only affects 1.16) + NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw + NOTE: https://github.com/golang/go/issues/44916 +CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infin ...) + - golang-1.16 1.16.3-1 + - golang-1.15 1.15.9-1 + - golang-1.11 <removed> + - golang-1.8 <removed> + [stretch] - golang-1.8 <postponed> (Minor issue, DoS) + - golang-1.7 <removed> + [stretch] - golang-1.7 <postponed> (Minor issue, DoS) + NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw + NOTE: https://github.com/golang/go/issues/44913 +CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...) 
+ - newlib <unfixed> (bug #984446) + [bullseye] - newlib <no-dsa> (Minor issue) + [buster] - newlib <no-dsa> (Minor issue) + [stretch] - newlib <no-dsa> (Minor issue) + - picolibc 1.5-1 + - libnewlib-nano <removed> (bug #984424) + [buster] - libnewlib-nano <no-dsa> (Minor issue) + NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e + NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e +CVE-2021-27917 + RESERVED +CVE-2021-27916 + RESERVED +CVE-2021-27915 + RESERVED +CVE-2021-27914 + RESERVED +CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...) + NOT-FOR-US: Mautic +CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...) + NOT-FOR-US: Mautic +CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...) + NOT-FOR-US: Mautic +CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...) + NOT-FOR-US: Mautic +CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...) + NOT-FOR-US: Mautic +CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...) + NOT-FOR-US: Mautic +CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...) + NOT-FOR-US: Apache Superset +CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...) + - libpdfbox2-java 2.0.23-1 (bug #986008) + [buster] - libpdfbox2-java <no-dsa> (Minor issue) + - libpdfbox-java <not-affected> (Only affects 2.x) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10 + NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112 + NOTE: https://github.com/apache/pdfbox/commit/8c47be1011c11dc47300faecffd8ab32fba3646f +CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" under a ...) 
+ - lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr <ignored> (Minor issue) + [stretch] - lucene-solr <postponed> (Minor issue; can be fixed in next update) + NOTE: https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E + NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version +CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...) + NOT-FOR-US: MISP +CVE-2021-27903 (An issue was discovered in Craft CMS before 3.6.7. In some circumstanc ...) + NOT-FOR-US: Craft CMS +CVE-2021-27902 (An issue was discovered in Craft CMS before 3.6.0. In some circumstanc ...) + NOT-FOR-US: Craft CMS +CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) + NOT-FOR-US: LG mobile devices +CVE-2021-27900 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2021-27899 (The Proofpoint Insider Threat Management Agents (formerly ObserveIT Ag ...) + NOT-FOR-US: Proofpoint Insider Threat Management Agents +CVE-2021-27898 + RESERVED +CVE-2021-27897 + RESERVED +CVE-2021-27896 + RESERVED +CVE-2021-27895 + RESERVED +CVE-2021-27894 + RESERVED +CVE-2021-27893 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...) + NOT-FOR-US: SSH Tectia Client and Server +CVE-2021-27892 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...) + NOT-FOR-US: SSH Tectia Client and Server +CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have weak key ge ...) + NOT-FOR-US: SSH Tectia Client and Server +CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties ...) + NOT-FOR-US: MyBB +CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nes ...) 
+ NOT-FOR-US: MyBB +CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...) + NOT-FOR-US: ZendTo +CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...) + NOT-FOR-US: Ellipse APM +CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...) + NOT-FOR-US: rakibtg Docker Dashboard +CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) + NOT-FOR-US: e107 +CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...) + NOT-FOR-US: YMFE YApi +CVE-2021-27883 + RESERVED +CVE-2021-27882 + RESERVED +CVE-2021-27881 + RESERVED +CVE-2021-27880 + RESERVED +CVE-2021-27879 + RESERVED +CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) + NOT-FOR-US: Veritas +CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It support ...) + NOT-FOR-US: Veritas +CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...) + NOT-FOR-US: Veritas +CVE-2021-3419 + REJECTED +CVE-2021-3418 (If certificates that signed grub are installed into db, grub can be bo ...) + - grub2 <not-affected> (Vulnerability specific to distributions using shim_lock) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757 +CVE-2021-27875 + RESERVED +CVE-2021-27874 + RESERVED +CVE-2021-27873 + RESERVED +CVE-2021-27872 + RESERVED +CVE-2021-27871 + RESERVED +CVE-2021-27870 + RESERVED +CVE-2021-27869 + RESERVED +CVE-2021-27868 + RESERVED +CVE-2021-27867 + RESERVED +CVE-2021-27866 + RESERVED +CVE-2021-27865 + RESERVED +CVE-2021-27864 + RESERVED +CVE-2021-27863 + RESERVED +CVE-2021-27862 + RESERVED +CVE-2021-27861 + RESERVED +CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...) + NOT-FOR-US: FatPipe +CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...) 
+ NOT-FOR-US: FatPipe +CVE-2021-27858 (A missing authorization vulnerability in the web management interface ...) + NOT-FOR-US: FatPipe +CVE-2021-27857 (A missing authorization vulnerability in the web management interface ...) + NOT-FOR-US: FatPipe +CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...) + NOT-FOR-US: FatPipe +CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...) + NOT-FOR-US: FatPipe +CVE-2021-27854 + RESERVED +CVE-2021-27853 + RESERVED +CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of ...) + NOT-FOR-US: Checkbox Survey +CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...) + NOT-FOR-US: Apache Tapestry +CVE-2021-27849 + RESERVED +CVE-2021-27848 + RESERVED +CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...) + - vips 8.8.3-1 + [buster] - vips <no-dsa> (Minor issue) + [stretch] - vips <no-dsa> (Minor issue) + NOTE: https://github.com/libvips/libvips/issues/1236 + NOTE: https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1) + NOTE: https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1) +CVE-2021-27846 + RESERVED +CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/194 +CVE-2021-27844 + RESERVED +CVE-2021-27843 + RESERVED +CVE-2021-27842 + RESERVED +CVE-2021-27841 + RESERVED +CVE-2021-27840 + RESERVED +CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...) + NOT-FOR-US: Online Invoicing System (OIS) +CVE-2021-27838 + RESERVED +CVE-2021-27837 + RESERVED +CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...) 
+ - r-cran-readxl <unfixed> (unimportant) + NOTE: https://github.com/libxls/libxls/issues/94 + NOTE: Negligible security impact +CVE-2021-27835 + RESERVED +CVE-2021-27834 + RESERVED +CVE-2021-27833 + RESERVED +CVE-2021-27832 + RESERVED +CVE-2021-27831 + RESERVED +CVE-2021-27830 + RESERVED +CVE-2021-27829 + RESERVED +CVE-2021-27828 (SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify o ...) + NOT-FOR-US: In4Suite ERP +CVE-2021-27827 + RESERVED +CVE-2021-27826 + RESERVED +CVE-2021-27825 + RESERVED +CVE-2021-27824 + RESERVED +CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...) + NOT-FOR-US: NetWave +CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the Add Categ ...) + NOT-FOR-US: Vehicle Parking Management System +CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...) + NOT-FOR-US: OpenWRT LuCI +CVE-2021-27820 + RESERVED +CVE-2021-27819 + RESERVED +CVE-2021-27818 + RESERVED +CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...) + NOT-FOR-US: shopxo +CVE-2021-27816 + RESERVED +CVE-2021-27815 (NULL Pointer Deference in the exif command line tool, when printing ou ...) + - exif <unfixed> (unimportant) + NOTE: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c + NOTE: https://github.com/libexif/exif/issues/4 +CVE-2021-27814 + RESERVED +CVE-2021-27813 + RESERVED +CVE-2021-27812 + RESERVED +CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...) + NOT-FOR-US: QibosoftX1 +CVE-2021-27810 + RESERVED +CVE-2021-27809 + RESERVED +CVE-2021-27808 + RESERVED +CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop while loadin ...) 
+ - libpdfbox2-java 2.0.23-1 (bug #986006) + [buster] - libpdfbox2-java <no-dsa> (Minor issue) + - libpdfbox-java <not-affected> (Only affects 2.x) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9 +CVE-2021-27806 + RESERVED +CVE-2021-27805 + RESERVED +CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...) + - jpeg-xl <itp> (bug #948862) +CVE-2021-27802 + REJECTED +CVE-2021-27801 + RESERVED +CVE-2021-27800 + RESERVED +CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 ...) + - zint 2.9.1-1.1 (bug #983610) + NOTE: https://sourceforge.net/p/zint/tickets/218/ + NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/ +CVE-2021-27798 + RESERVED +CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...) + NOT-FOR-US: Brocade +CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...) + NOT-FOR-US: Brocade +CVE-2021-27795 + RESERVED +CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2021-27792 (The request handling functions in web management interface of Brocade ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...) 
+ NOT-FOR-US: Brocade Fabric OS +CVE-2021-27789 + RESERVED +CVE-2021-27788 + RESERVED +CVE-2021-27787 + RESERVED +CVE-2021-27786 + RESERVED +CVE-2021-27785 + RESERVED +CVE-2021-27784 + RESERVED +CVE-2021-27783 + RESERVED +CVE-2021-27782 + RESERVED +CVE-2021-27781 + RESERVED +CVE-2021-27780 + RESERVED +CVE-2021-27779 + RESERVED +CVE-2021-27778 + RESERVED +CVE-2021-27777 + RESERVED +CVE-2021-27776 + RESERVED +CVE-2021-27775 + RESERVED +CVE-2021-27774 + RESERVED +CVE-2021-27773 + RESERVED +CVE-2021-27772 + RESERVED +CVE-2021-27771 + RESERVED +CVE-2021-27770 + RESERVED +CVE-2021-27769 + RESERVED +CVE-2021-27768 + RESERVED +CVE-2021-27767 + RESERVED +CVE-2021-27766 + RESERVED +CVE-2021-27765 + RESERVED +CVE-2021-27764 + RESERVED +CVE-2021-27763 + RESERVED +CVE-2021-27762 + RESERVED +CVE-2021-27761 + RESERVED +CVE-2021-27760 + RESERVED +CVE-2021-27759 + RESERVED +CVE-2021-27758 + RESERVED +CVE-2021-27757 + RESERVED +CVE-2021-27756 + RESERVED +CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...) + NOT-FOR-US: HCL +CVE-2021-27754 + RESERVED +CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...) + NOT-FOR-US: HCL +CVE-2021-27752 + RESERVED +CVE-2021-27751 + RESERVED +CVE-2021-27750 + RESERVED +CVE-2021-27749 + RESERVED +CVE-2021-27748 + RESERVED +CVE-2021-27747 + RESERVED +CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site Scripting (X ...) + NOT-FOR-US: HCL +CVE-2021-27745 + RESERVED +CVE-2021-27744 + RESERVED +CVE-2021-27743 + RESERVED +CVE-2021-27742 + RESERVED +CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...) + NOT-FOR-US: HCL +CVE-2021-27740 + RESERVED +CVE-2021-27739 + RESERVED +CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...) 
+ - trafficserver <not-affected> (Only affects 9.x) +CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...) + {DSA-4898-1 DLA-2581-1} + - wpa 2:2.9.0-21 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3 + NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt + NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch +CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...) + NOT-FOR-US: Lenovo +CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...) + {DLA-2623-1} + - qemu 1:5.2+dfsg-9 (bug #984448) + [buster] - qemu <postponed> (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73 +CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a for ...) 
+ NOT-FOR-US: fusionauth-samlv2 +CVE-2021-27735 + RESERVED +CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...) + NOT-FOR-US: Hirschmann HiOS +CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...) + NOT-FOR-US: JetBrains +CVE-2021-27732 + RESERVED +CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument injection v ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27729 + RESERVED +CVE-2021-27728 + RESERVED +CVE-2021-27727 + RESERVED +CVE-2021-27726 + RESERVED +CVE-2021-27725 + RESERVED +CVE-2021-27724 + RESERVED +CVE-2021-27723 + REJECTED +CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The progr ...) + NOT-FOR-US: Nsasoft US LLC SpotAuditor +CVE-2021-27721 + RESERVED +CVE-2021-27720 + RESERVED +CVE-2021-27719 + RESERVED +CVE-2021-27718 + RESERVED +CVE-2021-27717 + RESERVED +CVE-2021-27716 + RESERVED +CVE-2021-27715 + RESERVED +CVE-2021-27714 + RESERVED +CVE-2021-27713 + RESERVED +CVE-2021-27712 + RESERVED +CVE-2021-27711 + RESERVED +CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) + NOT-FOR-US: TOTOLINK X5000R router +CVE-2021-27709 + RESERVED +CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...) + NOT-FOR-US: TOTOLINK X5000R router +CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) + NOT-FOR-US: Tenda routers +CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...) + NOT-FOR-US: Tenda routers +CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...) 
+ NOT-FOR-US: Tenda routers +CVE-2021-27704 + RESERVED +CVE-2021-27703 + RESERVED +CVE-2021-27702 + RESERVED +CVE-2021-27701 + RESERVED +CVE-2021-27700 + RESERVED +CVE-2021-27699 + RESERVED +CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-27696 + RESERVED +CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...) + NOT-FOR-US: openMAINT +CVE-2021-27694 + RESERVED +CVE-2021-27693 + RESERVED +CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...) + NOT-FOR-US: Tenda +CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...) + NOT-FOR-US: Tenda +CVE-2021-27690 + RESERVED +CVE-2021-27689 + RESERVED +CVE-2021-27688 + RESERVED +CVE-2021-27687 + RESERVED +CVE-2021-27686 + RESERVED +CVE-2021-27685 + RESERVED +CVE-2021-27684 + RESERVED +CVE-2021-27683 + RESERVED +CVE-2021-27682 + RESERVED +CVE-2021-27681 + RESERVED +CVE-2021-27680 + RESERVED +CVE-2021-27679 (Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS ...) + NOT-FOR-US: Batflat CMS +CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1. ...) + NOT-FOR-US: Batflat CMS +CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...) + NOT-FOR-US: Batflat CMS +CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting (XSS) v ...) + - centreon-web <itp> (bug #913903) +CVE-2021-27675 + RESERVED +CVE-2021-27674 + RESERVED +CVE-2021-27673 (Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of ...) + NOT-FOR-US: Tribal Systems Zenario CMS +CVE-2021-27672 (SQL Injection in the "admin_boxes.ajax.php" component of Tribal System ...) 
+ NOT-FOR-US: Tribal Systems Zenario CMS +CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...) + NOT-FOR-US: comrak rust crate +CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url ...) + NOT-FOR-US: Appspace +CVE-2021-27669 + RESERVED +CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of lic ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-27667 + RESERVED +CVE-2021-27666 + RESERVED + NOT-FOR-US: Android +CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...) + NOT-FOR-US: Johnson Controls +CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...) + NOT-FOR-US: exacqVision +CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...) + NOT-FOR-US: Johnson Controls +CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...) + NOT-FOR-US: KT-1 door controller +CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...) + NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller +CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...) + NOT-FOR-US: C-CURE 9000 +CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...) + NOT-FOR-US: exacqVision Web Service +CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...) + NOT-FOR-US: exacqVision Enterprise Manager +CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...) + NOT-FOR-US: Johnson Controls Metasys +CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...) + NOT-FOR-US: exacqVision Web Service +CVE-2021-27655 + RESERVED +CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...) 
+ NOT-FOR-US: Pega +CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...) + NOT-FOR-US: Pega +CVE-2021-27652 + RESERVED +CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...) + NOT-FOR-US: Pega +CVE-2021-3415 + RESERVED +CVE-2021-27650 + RESERVED +CVE-2021-27649 (Use after free vulnerability in file transfer protocol component in Sy ...) + NOT-FOR-US: Synology +CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...) + NOT-FOR-US: Synology +CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...) + NOT-FOR-US: Synology +CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...) + NOT-FOR-US: Synology +CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...) + - glibc 2.31-10 (bug #983479) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462 + NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 (glibc-2.29) + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673 + NOTE: Introducing commit present in Debian since 2.28-1 with addition of + NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919 +CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-27641 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ NOT-FOR-US: SAP +CVE-2021-27640 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-27639 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-27638 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-27637 (Under certain conditions SAP Enable Now (SAP Workforce Performance Bui ...) + NOT-FOR-US: SAP +CVE-2021-27636 + RESERVED +CVE-2021-27635 (SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, al ...) + NOT-FOR-US: SAP +CVE-2021-27634 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) + NOT-FOR-US: SAP +CVE-2021-27633 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) + NOT-FOR-US: SAP +CVE-2021-27632 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) + NOT-FOR-US: SAP +CVE-2021-27631 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) + NOT-FOR-US: SAP +CVE-2021-27630 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) + NOT-FOR-US: SAP +CVE-2021-27629 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) + NOT-FOR-US: SAP +CVE-2021-27628 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...) + NOT-FOR-US: SAP +CVE-2021-27627 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27626 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27625 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27624 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27623 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) 
+ NOT-FOR-US: SAP +CVE-2021-27622 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27621 (Information Disclosure vulnerability in UserAdmin application in SAP N ...) + NOT-FOR-US: SAP +CVE-2021-27620 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...) + NOT-FOR-US: SAP +CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2 ...) + NOT-FOR-US: SAP +CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration versions ...) + NOT-FOR-US: SAP +CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration versions ...) + NOT-FOR-US: SAP +CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, version ...) + NOT-FOR-US: SAP +CVE-2021-27615 (SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does n ...) + NOT-FOR-US: SAP +CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9 ...) + NOT-FOR-US: SAP +CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...) + NOT-FOR-US: SAP +CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7.60 PL ...) + NOT-FOR-US: SAP +CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...) + NOT-FOR-US: SAP +CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...) + NOT-FOR-US: SAP +CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...) + NOT-FOR-US: SAP +CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...) + NOT-FOR-US: SAPSetup +CVE-2021-27607 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...) + NOT-FOR-US: SAP +CVE-2021-27606 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...) 
+ NOT-FOR-US: SAP +CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...) + NOT-FOR-US: SAP +CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...) + NOT-FOR-US: SAP +CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...) + NOT-FOR-US: SAP +CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...) + NOT-FOR-US: SAP +CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a ...) + NOT-FOR-US: SAP +CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...) + NOT-FOR-US: SAP +CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Int ...) + NOT-FOR-US: SAP +CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...) + NOT-FOR-US: SAP +CVE-2021-27597 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...) + NOT-FOR-US: SAP +CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...) + NOT-FOR-US: SAP +CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...) + NOT-FOR-US: SAP +CVE-2021-27594 (When a user opens manipulated Windows Bitmap (.BMP) files received fro ...) + NOT-FOR-US: SAP +CVE-2021-27593 (When a user opens manipulated Graphics Interchange Format (.GIF) files ...) + NOT-FOR-US: SAP +CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...) + NOT-FOR-US: SAP +CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...) + NOT-FOR-US: SAP +CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) format fil ...) + NOT-FOR-US: SAP +CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) format f ...) + NOT-FOR-US: SAP +CVE-2021-27588 (When a user opens manipulated HPGL format files received from untruste ...) 
+ NOT-FOR-US: SAP +CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) format files ...) + NOT-FOR-US: SAP +CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) format fi ...) + NOT-FOR-US: SAP +CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile (.CGM) format ...) + NOT-FOR-US: SAP +CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format files r ...) + NOT-FOR-US: SAP +CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) + NOT-FOR-US: Directus +CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...) + NOT-FOR-US: OpenID Connect server implementation for MITREid Connect +CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...) + NOT-FOR-US: Kentico CMS +CVE-2021-27580 + RESERVED +CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...) + NOT-FOR-US: Snow Inventory Agent +CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of Apache Z ...) + NOT-FOR-US: Apache Zeppelin +CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...) + {DSA-4957-1} + - trafficserver 8.1.1+ds-1.1 (bug #990303) + NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x) + NOTE: https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d (master) + NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x) +CVE-2021-27576 (If was found that the NetTest web service can be used to overload the ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2021-27575 + RESERVED +CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...) 
+ NOT-FOR-US: Emote Remote Mouse +CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote ...) + NOT-FOR-US: Emote Remote Mouse +CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...) + NOT-FOR-US: Emote Remote Mouse +CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...) + NOT-FOR-US: Emote Remote Mouse +CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...) + NOT-FOR-US: Emote Remote Mouse +CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...) + NOT-FOR-US: Emote Remote Mouse +CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...) + NOT-FOR-US: netplex +CVE-2021-27567 + RESERVED +CVE-2021-27566 + RESERVED +CVE-2021-3414 + RESERVED + NOT-FOR-US: Red Hat Satellite +CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...) + NOT-FOR-US: InterNiche NicheStack +CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...) + NOT-FOR-US: Appspace +CVE-2021-27563 + RESERVED +CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...) + NOT-FOR-US: Arm Trusted Firmware M +CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...) + NOT-FOR-US: Yealink Device Management +CVE-2021-27560 + RESERVED +CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...) + NOT-FOR-US: Monica +CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...) + NOT-FOR-US: EasyCorp ZenTao +CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...) + NOT-FOR-US: EasyCorp ZenTao +CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...) 
+ NOT-FOR-US: EasyCorp ZenTao +CVE-2021-27555 + RESERVED +CVE-2021-27554 + RESERVED +CVE-2021-27553 + RESERVED +CVE-2021-27552 + RESERVED +CVE-2021-27551 + RESERVED +CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error in Pola ...) + NOT-FOR-US: Polaris Office +CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...) + NOT-FOR-US: Genymotion Desktop +CVE-2021-27548 + RESERVED +CVE-2021-27547 + RESERVED +CVE-2021-27546 + RESERVED +CVE-2021-27545 (SQL Injection in the "add-services.php" component of PHPGurukul Beauty ...) + NOT-FOR-US: PHPGurukul Beauty Parlour Management System +CVE-2021-27544 (Cross Site Scripting (XSS) in the "add-services.php" component of PHPG ...) + NOT-FOR-US: PHPGurukul Beauty Parlour Management System +CVE-2021-27543 + RESERVED +CVE-2021-27542 + RESERVED +CVE-2021-27541 + RESERVED +CVE-2021-27540 + RESERVED +CVE-2021-27539 + RESERVED +CVE-2021-27538 + RESERVED +CVE-2021-27537 + RESERVED +CVE-2021-27536 + RESERVED +CVE-2021-27535 + RESERVED +CVE-2021-27534 + RESERVED +CVE-2021-27533 + RESERVED +CVE-2021-27532 + RESERVED +CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...) + NOT-FOR-US: DynPG +CVE-2021-27525 + RESERVED +CVE-2021-27524 + RESERVED +CVE-2021-27523 + RESERVED +CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...) 
+ NOT-FOR-US: Learnsite +CVE-2021-27521 + RESERVED +CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...) + NOT-FOR-US: FUDForum +CVE-2021-27519 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...) + NOT-FOR-US: FUDForum +CVE-2021-27518 + RESERVED +CVE-2021-27517 (Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary Jav ...) + NOT-FOR-US: Foxit +CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash ...) + NOT-FOR-US: urijs +CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...) + - node-url-parse 1.5.1-1 (bug #985110) + [buster] - node-url-parse <no-dsa> (Minor issue) + [stretch] - node-url-parse <no-dsa> (Minor issue) + NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0) + NOTE: https://github.com/unshiftio/url-parse/pull/197 +CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for th ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2021-27513 (The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authentica ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2021-27512 + RESERVED +CVE-2021-27511 + RESERVED +CVE-2021-27510 + RESERVED +CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...) + NOT-FOR-US: Visualware MyConnection Server +CVE-2021-27508 + RESERVED +CVE-2021-27507 + RESERVED +CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-27505 + RESERVED +CVE-2021-27504 + RESERVED +CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...) + NOT-FOR-US: Ypsomed +CVE-2021-27502 + RESERVED +CVE-2021-27501 + RESERVED +CVE-2021-27500 + RESERVED +CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...) 
+ NOT-FOR-US: Ypsomed +CVE-2021-27498 + RESERVED +CVE-2021-27497 + RESERVED +CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + NOT-FOR-US: Datakit +CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...) + NOT-FOR-US: Ypsomed +CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + NOT-FOR-US: Datakit +CVE-2021-27493 + RESERVED +CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...) + NOT-FOR-US: Datakit +CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...) + NOT-FOR-US: Ypsomed +CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + NOT-FOR-US: Datakit +CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...) + NOT-FOR-US: Datakit +CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...) + NOT-FOR-US: Fatek Automation WinProladder +CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27484 + RESERVED +CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27482 + RESERVED +CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...) 
+ NOT-FOR-US: Delta Industrial Automation COMMGR +CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product̵ ...) + NOT-FOR-US: ZOLL Defibrillator Dashboard +CVE-2021-27478 + RESERVED +CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...) + NOT-FOR-US: JTEKT +CVE-2021-27476 + RESERVED +CVE-2021-27475 + RESERVED +CVE-2021-27474 + RESERVED +CVE-2021-27473 + RESERVED +CVE-2021-27472 + RESERVED +CVE-2021-27471 + RESERVED +CVE-2021-27470 + RESERVED +CVE-2021-27469 + RESERVED +CVE-2021-27468 + RESERVED +CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27466 + RESERVED +CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27464 + RESERVED +CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27462 + RESERVED +CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27460 + RESERVED +CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...) + NOT-FOR-US: JTEKT Corporation TOYOPUC +CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...) + NOT-FOR-US: Emerson +CVE-2021-27456 + RESERVED +CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...) + NOT-FOR-US: Delta Electronics +CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...) + NOT-FOR-US: GE +CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...) + NOT-FOR-US: Mesa Labs +CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...) 
+ NOT-FOR-US: GE +CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generat ...) + NOT-FOR-US: Mesa Labs +CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...) + NOT-FOR-US: GE +CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...) + NOT-FOR-US: Mesa Labs +CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...) + NOT-FOR-US: GE +CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...) + NOT-FOR-US: Mesa Labs +CVE-2021-27446 + RESERVED +CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...) + NOT-FOR-US: Mesa Labs +CVE-2021-27444 + RESERVED +CVE-2021-27443 + RESERVED +CVE-2021-27442 + RESERVED +CVE-2021-27441 + RESERVED +CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...) + NOT-FOR-US: GE +CVE-2021-27439 + RESERVED +CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...) + NOT-FOR-US: GE +CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...) + NOT-FOR-US: WISE-PaaS +CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...) + NOT-FOR-US: WebAccess/SCADA +CVE-2021-27435 + RESERVED +CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...) + NOT-FOR-US: Unified Automation .NET +CVE-2021-27433 + RESERVED +CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...) 
+ NOT-FOR-US: OPC Foundation UA .NET +CVE-2021-27431 + RESERVED +CVE-2021-27430 + RESERVED +CVE-2021-27429 + RESERVED +CVE-2021-27428 + RESERVED +CVE-2021-27427 + RESERVED +CVE-2021-27426 + RESERVED +CVE-2021-27425 + RESERVED +CVE-2021-27424 + RESERVED +CVE-2021-27423 + RESERVED +CVE-2021-27422 + RESERVED +CVE-2021-27421 + RESERVED +CVE-2021-27420 + RESERVED +CVE-2021-27419 + RESERVED +CVE-2021-27418 + RESERVED +CVE-2021-27417 + RESERVED +CVE-2021-27416 + RESERVED +CVE-2021-27415 + RESERVED +CVE-2021-27414 + RESERVED +CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...) + NOT-FOR-US: Omron CX-One +CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...) + NOT-FOR-US: Delta Electronics +CVE-2021-27411 + RESERVED +CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...) + NOT-FOR-US: Welch Allyn +CVE-2021-27409 + RESERVED +CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...) + NOT-FOR-US: Welch Allyn +CVE-2021-27407 + RESERVED +CVE-2021-27406 + RESERVED +CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...) + NOT-FOR-US: Node scrapbox-parser +CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...) + NOT-FOR-US: Askey devices +CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...) + NOT-FOR-US: Askey devices +CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...) + NOT-FOR-US: Mitel +CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...) + NOT-FOR-US: Mitel +CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...) + NOT-FOR-US: HashiCorp Vault and Vault Enterprise +CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm ...) 
+ NOT-FOR-US: Red Hat Satellite +CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...) + NOT-FOR-US: Red Hat 3scale API Management +CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...) + NOT-FOR-US: Simcenter (Siemens) +CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...) + NOT-FOR-US: Siemens +CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Mendix Applications (Siemens) +CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) + NOT-FOR-US: Nucleus (Siemens) +CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...) + NOT-FOR-US: Siveillance +CVE-2021-27391 (A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) ...) + NOT-FOR-US: Siemens +CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) + NOT-FOR-US: Siemens +CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...) + NOT-FOR-US: Opcenter Quality +CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a vulnerabil ...) + NOT-FOR-US: Siemens +CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...) + NOT-FOR-US: Simcenter (Siemens) +CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) 
+ NOT-FOR-US: Siemens +CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) + NOT-FOR-US: Solid Edge (Siemens) +CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) + NOT-FOR-US: Solid Edge SE2020 +CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) + NOT-FOR-US: Solid Edge SE2020 +CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...) + {DSA-4888-1} + - xen 4.14.0+80-gd101b417b7-1 + [stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied) + NOTE: https://xenbits.xen.org/xsa/advisory-366.html + NOTE: Mark first version in 4.14.x which landed in unstable as fixed, though + NOTE: the issue more precisely only affects Xen versions up to 4.11 with version + NOTE: containing broken backport for XSA-321 / CVE-2020-15565 +CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...) + - rust-rand-core <not-affected> (0.5.1 not affected, see #985087) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html +CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...) + NOT-FOR-US: Rust crate yottadb +CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...) + NOT-FOR-US: Rust crate nb-connect +CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...) + NOT-FOR-US: Traefik +CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...) + NOT-FOR-US: VertiGIS WebOffice +CVE-2021-27373 + RESERVED +CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may ...) 
+ NOT-FOR-US: Realtek xPON RTL9601D SDK +CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...) + NOT-FOR-US: Monica +CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...) + NOT-FOR-US: Monica +CVE-2021-27369 (The Contact page in Monica 2.19.1 allows stored XSS via the Middle Nam ...) + NOT-FOR-US: Monica +CVE-2021-27368 (The Contact page in Monica 2.19.1 allows stored XSS via the First Name ...) + NOT-FOR-US: Monica +CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...) + NOT-FOR-US: Bolt CMS +CVE-2021-27366 + RESERVED +CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee + NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 +CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa +CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa +CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...) + NOT-FOR-US: WPG plugin for IrfanView +CVE-2021-27361 + RESERVED +CVE-2021-27360 + RESERVED +CVE-2021-27359 + RESERVED +CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...) + - grafana <removed> +CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...) 
+ NOT-FOR-US: RIOT RIOT-OS +CVE-2021-27356 + RESERVED +CVE-2021-27355 + RESERVED +CVE-2021-27354 + RESERVED +CVE-2021-27353 + RESERVED +CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...) + NOT-FOR-US: Ilch CMS +CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...) + - telegram-desktop 2.6.1-1 + [buster] - telegram-desktop <not-affected> (Vulnerable code not present) + NOTE: https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html + NOTE: Probably fixed earlier than 2.6.1, but marking that fixed in absence of further details + NOTE: (maintainer reached out to upstream for confirmation that 2.6.1 is fixed and buster + NOTE: not affected) +CVE-2021-27350 + RESERVED +CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a diffe ...) + NOT-FOR-US: WooCommerce +CVE-2021-27348 + RESERVED +CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...) + - lrzip <unfixed> (unimportant; bug #990583) + NOTE: https://github.com/ckolivas/lrzip/issues/165 + NOTE: Crash in CLI tool, no security impact +CVE-2021-27346 + RESERVED +CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...) + - lrzip <unfixed> (unimportant) + NOTE: https://github.com/ckolivas/lrzip/issues/164 + NOTE: Crash in CLI tool, no security impact +CVE-2021-27344 + RESERVED +CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...) + NOT-FOR-US: SerenityOS +CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...) + NOT-FOR-US: D-Link +CVE-2021-27341 (OpenSIS Community Edition version <= 7.6 is affected by a local fil ...) + NOT-FOR-US: OpenSIS +CVE-2021-27340 (OpenSIS Community Edition version <= 7.6 is affected by a reflected ...) + NOT-FOR-US: OpenSIS +CVE-2021-27339 + RESERVED +CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...) 
+ NOT-FOR-US: Faraday Edge +CVE-2021-27337 + RESERVED +CVE-2021-27336 + RESERVED +CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...) + NOT-FOR-US: KollectApps +CVE-2021-27334 + RESERVED +CVE-2021-27333 + RESERVED +CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) + NOT-FOR-US: CASAP Automated Enrollment System +CVE-2021-27331 + RESERVED +CVE-2021-27330 (Triconsole Datepicker Calendar <3.77 is affected by cross-site scri ...) + NOT-FOR-US: Triconsole Datepicker Calendar +CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...) + NOT-FOR-US: Friendica +CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...) + NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices +CVE-2021-27327 + RESERVED +CVE-2021-27326 + RESERVED +CVE-2021-27325 + RESERVED +CVE-2021-27324 + RESERVED +CVE-2021-27323 + RESERVED +CVE-2021-27322 + RESERVED +CVE-2021-27321 + RESERVED +CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0 ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...) 
+ NOT-FOR-US: doctor appointment system +CVE-2021-27313 + RESERVED +CVE-2021-27312 + RESERVED +CVE-2021-27311 + RESERVED +CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...) + NOT-FOR-US: Clansphere CMS +CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...) + NOT-FOR-US: Clansphere CMS +CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...) + NOT-FOR-US: 4images +CVE-2021-27307 + RESERVED +CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...) + NOT-FOR-US: Kong Gateway +CVE-2021-27305 + RESERVED +CVE-2021-27304 + RESERVED +CVE-2021-27303 + RESERVED +CVE-2021-27302 + RESERVED +CVE-2021-27301 + RESERVED +CVE-2021-27300 + RESERVED +CVE-2021-27299 + RESERVED +CVE-2021-27298 + RESERVED +CVE-2021-27297 + RESERVED +CVE-2021-27296 + RESERVED +CVE-2021-27295 + RESERVED +CVE-2021-27294 + RESERVED +CVE-2021-27293 (RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is ...) + NOT-FOR-US: RestSharp +CVE-2021-27292 (ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression ...) + - node-ua-parser-js 0.7.24+ds-1 (bug #985568) + [buster] - node-ua-parser-js <no-dsa> (Minor issue) + NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76 + NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566 +CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...) + {DSA-4889-1 DSA-4878-1 DLA-2648-1 DLA-2600-1} + - pygments 2.7.1+dfsg-2.1 (bug #985574) + - mediawiki 1:1.35.2-1 + NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce + NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14 +CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...) 
+ - node-ssri 8.0.1-1 (bug #985841) + [buster] - node-ssri <no-dsa> (Minor issue) + NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf + NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1) +CVE-2021-27289 + RESERVED +CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...) + NOT-FOR-US: X2Engine X2CRM +CVE-2021-27287 + RESERVED +CVE-2021-27286 + RESERVED +CVE-2021-27285 + RESERVED +CVE-2021-27284 + RESERVED +CVE-2021-27283 + RESERVED +CVE-2021-27282 + RESERVED +CVE-2021-27281 + RESERVED +CVE-2021-27280 + RESERVED +CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...) + NOT-FOR-US: MyBB +CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: SolarWinds +CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...) + NOT-FOR-US: Netgear +CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgear +CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgear +CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgear +CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...) + NOT-FOR-US: Netgear +CVE-2021-27271 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27270 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27269 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27268 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27267 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27266 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27265 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27264 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27263 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...) + NOT-FOR-US: SolarWinds +CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...) + NOT-FOR-US: Netgear +CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgear +CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: Netgear +CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: D-Link +CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: WeChat +CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...) + NOT-FOR-US: TP-Link +CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels +CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...) + NOT-FOR-US: Avast +CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: SolarWinds +CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-27238 + RESERVED +CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...) + NOT-FOR-US: BlackCat CMS +CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...) + NOT-FOR-US: Mutare Voice (EVM) +CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) 
+ NOT-FOR-US: Mutare Voice (EVM) +CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The we ...) + NOT-FOR-US: Mutare Voice (EVM) +CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...) + NOT-FOR-US: Mutare Voice (EVM) +CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...) + NOT-FOR-US: Pelco Digital Sentry Server +CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...) + NOT-FOR-US: Hestia Control Panel +CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...) + NOT-FOR-US: ExpressionEngine +CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...) + {DLA-2562-1} + - mumble 1.3.4-1 (bug #982904) + [buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1 + NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648 + NOTE: https://github.com/mumble-voip/mumble/pull/4733 +CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...) + NOT-FOR-US: Shinobi +CVE-2021-27227 + RESERVED +CVE-2021-27226 + RESERVED +CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the Jupyte ...) + NOT-FOR-US: Dataiku DSS +CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...) + NOT-FOR-US: WPG plugin for IrfanView +CVE-2021-27223 + RESERVED +CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...) + NOT-FOR-US: "Time in Status" app +CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...) + NOT-FOR-US: MikroTik RouterOS +CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1623. B ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) 
+ NOT-FOR-US: YubiHSM 2 SDK +CVE-2021-27216 (Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...) + - exim4 4.94.2-1 + [buster] - exim4 <not-affected> (Vulnerable code introduced later) + [stretch] - exim4 <not-affected> (Vulnerable code introduced later) + NOTE: Introduced by: https://git.exim.org/exim.git/commit/01446a56c76aa5ac3213a86f8992a2371a8301f3 (exim-4_94_RC0) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7 +CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...) + NOT-FOR-US: genua genugate +CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...) + NOT-FOR-US: Zoho ManageEngine ADSelfService Plus +CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...) + NOT-FOR-US: pystemon +CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion ...) + {DSA-4860-1 DLA-2574-1} + - openldap 2.4.57+dfsg-2 + NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454 + NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0 + NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 +CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...) + - steghide <unfixed> (bug #983267) + [bullseye] - steghide <no-dsa> (Minor issue) + [buster] - steghide <no-dsa> (Minor issue) + [stretch] - steghide <postponed> (Minor issue; can be fixed in next DLA) + NOTE: https://github.com/b4shfire/stegcrack +CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...) + NOT-FOR-US: TP-Link +CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...) + NOT-FOR-US: TP-Link +CVE-2021-27208 (When booting a Zync-7000 SOC device from nand flash memory, the nand d ...) 
+ NOT-FOR-US: Zync-7000 SOC device +CVE-2021-27207 + RESERVED +CVE-2021-27206 + RESERVED +CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...) + - linux 5.9.15-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) +CVE-2021-3410 (A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in c ...) + {DLA-2584-1} + - libcaca 0.99.beta19-2.2 (bug #983686) + [buster] - libcaca <no-dsa> (Minor issue) + NOTE: https://github.com/cacalabs/libcaca/issues/52 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928437 + NOTE: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd + NOTE: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015 +CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...) + NOT-FOR-US: Telegram for MacOS +CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...) + NOT-FOR-US: Telegram for MacOS +CVE-2021-27203 (In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for ...) + NOT-FOR-US: Dekart Private Disk +CVE-2021-27202 + RESERVED +CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file] + - spip 3.2.9-1 + [buster] - spip 3.2.4-1+deb10u4 + [stretch] - spip 3.1.4-4~deb9u4+deb9u1 +CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...) + NOT-FOR-US: Endian Firewall Community (aka EFW) +CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...) + NOT-FOR-US: WoWonder +CVE-2021-27199 + RESERVED +CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...) + NOT-FOR-US: Visualware MyConnection Server +CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...) 
+ NOT-FOR-US: Pelco Digital Sentry Server +CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...) + NOT-FOR-US: Hitachi +CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...) + NOT-FOR-US: Netop Vision Pro +CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...) + NOT-FOR-US: Netop Vision Pro +CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...) + NOT-FOR-US: Netop Vision Pro +CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...) + NOT-FOR-US: Netop Vision Pro +CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...) + NOT-FOR-US: Node get-ip-range +CVE-2021-3408 + RESERVED + NOTE: Red Hat duplicate for CVE-2021-20233 +CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...) + NOT-FOR-US: PEEL Shopping cart +CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...) + NOT-FOR-US: CIRA Canadian Shield app +CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...) + NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator +CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...) + NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator +CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...) + NOT-FOR-US: Fluent Bit +CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...) + NOT-FOR-US: Node samba-client +CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...) + NOT-FOR-US: Pelco Digital Sentry Server +CVE-2021-27183 (An issue was discovered in MDaemon before 20.0.4. Administrators can u ...) + NOT-FOR-US: MDaemon +CVE-2021-27182 (An issue was discovered in MDaemon before 20.0.4. There is an IFRAME i ...) 
+ NOT-FOR-US: MDaemon +CVE-2021-27181 (An issue was discovered in MDaemon before 20.0.4. Remote Administratio ...) + NOT-FOR-US: MDaemon +CVE-2021-27180 (An issue was discovered in MDaemon before 20.0.4. There is Reflected X ...) + NOT-FOR-US: MDaemon +CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
+ NOT-FOR-US: FiberHome devices +CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) 
+ NOT-FOR-US: FiberHome devices +CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27144 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27143 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27142 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27141 (An issue was discovered on FiberHome HG6245D devices through RP2613. C ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...) + NOT-FOR-US: FiberHome devices +CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...) 
+ [experimental] - u-boot 2021.04~rc3+dfsg-1 + - u-boot 2021.07+dfsg-2 (bug #983269) + [bullseye] - u-boot <no-dsa> (Minor issue) + [buster] - u-boot <no-dsa> (Minor issue) + [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA) + NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917 + NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4 + NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 +CVE-2021-27137 + RESERVED +CVE-2021-27136 + RESERVED +CVE-2021-27134 + RESERVED +CVE-2021-27133 + RESERVED +CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...) + NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices +CVE-2021-27131 + RESERVED +CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...) + NOT-FOR-US: Online Reviewer System +CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...) + NOT-FOR-US: CASAP Automated Enrollment System +CVE-2021-27128 + RESERVED +CVE-2021-27127 + RESERVED +CVE-2021-27126 + RESERVED +CVE-2021-27125 + RESERVED +CVE-2021-27124 (SQL injection in the expertise parameter in search_result.php in Docto ...) + NOT-FOR-US: Doctor Appointment System +CVE-2021-27123 + RESERVED +CVE-2021-27122 + RESERVED +CVE-2021-27121 + RESERVED +CVE-2021-27120 + RESERVED +CVE-2021-27119 + RESERVED +CVE-2021-27118 + RESERVED +CVE-2021-27117 + RESERVED +CVE-2021-27116 + RESERVED +CVE-2021-27115 + RESERVED +CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...) + NOT-FOR-US: D-Link +CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...) + NOT-FOR-US: D-Link +CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...) 
+ NOT-FOR-US: LightCMS +CVE-2021-27111 + RESERVED +CVE-2021-27110 + RESERVED +CVE-2021-27109 + RESERVED +CVE-2021-27108 + RESERVED +CVE-2021-27107 + RESERVED +CVE-2021-27106 + RESERVED +CVE-2021-27105 + RESERVED +CVE-2021-3407 (A flaw was found in mupdf 1.18.0. Double free of object during lineari ...) + {DLA-2589-1} + - mupdf 1.17.0+ds1-1.3 (bug #983684) + [buster] - mupdf 1.14.0+ds1-4+deb10u3 + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet) +CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Keylime ...) + NOT-FOR-US: Keylime + NOTE: https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m +CVE-2021-3405 (A flaw was found in libebml before 1.4.2. A heap overflow bug exists i ...) + {DLA-2629-1} + - libebml 1.4.2-1 (bug #982597) + [buster] - libebml <no-dsa> (Minor issue) + NOTE: https://github.com/Matroska-Org/libebml/issues/74 +CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27103 (Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted P ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27102 (Accellion FTA 9_12_411 and earlier is affected by OS command execution ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection via a ...) + NOT-FOR-US: Accellion FTA +CVE-2021-27100 + RESERVED +CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the ...) + NOT-FOR-US: SPIRE (SPIFFE Runtime Environment) +CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...) + NOT-FOR-US: SPIRE (SPIFFE Runtime Environment) +CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...) 
+ [experimental] - u-boot 2021.04~rc3+dfsg-1 + - u-boot 2021.07+dfsg-2 (bug #983270) + [bullseye] - u-boot <no-dsa> (Minor issue) + [buster] - u-boot <no-dsa> (Minor issue) + [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA) + NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01 + NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b + NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0 +CVE-2021-27096 (NTFS Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27095 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-27094 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-27093 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-27092 (Azure AD Web Sign-in Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27091 (RPC Endpoint Mapper Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27090 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27089 (Microsoft Internet Messaging API Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27088 (Windows Event Tracing Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27087 + RESERVED +CVE-2021-27086 (Windows Services and Controller App Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-27085 (Internet Explorer Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27084 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-27083 (Remote Development Extension for Visual Studio Code Remote Code Execut ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-27082 (Quantum Development Kit for Visual Studio Code Remote Code Execution V ...) + NOT-FOR-US: Microsoft +CVE-2021-27081 (Visual Studio Code ESLint Extension Remote Code Execution Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-27080 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-27079 (Windows Media Photo Codec Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27078 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-27076 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27075 (Azure Virtual Machine Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27074 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-27073 + RESERVED +CVE-2021-27072 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-27071 + RESERVED +CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27069 + RESERVED +CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27065 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-27064 (Visual Studio Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27063 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-27062 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27061 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27060 (Visual Studio Code Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27059 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-27058 (Microsoft Office ClickToRun Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27057 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-27056 (Microsoft PowerPoint Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27055 (Microsoft Visio Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27054 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-27053 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-27052 (Microsoft SharePoint Server Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-27051 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27050 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27049 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27048 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27047 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-27046 (A Memory Corruption vulnerability for PDF files in Autodesk Navisworks ...) 
+ NOT-FOR-US: Autodesk +CVE-2021-27045 (A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021 ...) + NOT-FOR-US: Autodesk +CVE-2021-27044 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...) + NOT-FOR-US: Autodesk +CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...) + NOT-FOR-US: Autodesk +CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...) + NOT-FOR-US: Autodesk +CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...) + NOT-FOR-US: Autodesk +CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...) + NOT-FOR-US: Autodesk +CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, ...) + NOT-FOR-US: Autodesk +CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...) + NOT-FOR-US: Autodesk +CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...) + NOT-FOR-US: Autodesk +CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...) + NOT-FOR-US: Autodesk +CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...) + NOT-FOR-US: Autodesk +CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...) + NOT-FOR-US: Autodesk +CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...) + NOT-FOR-US: Autodesk +CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...) + NOT-FOR-US: Autodesk +CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...) + NOT-FOR-US: Autodesk +CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...) + NOT-FOR-US: Autodesk +CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...) 
+ NOT-FOR-US: Autodesk +CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 ...) + NOT-FOR-US: Autodesk +CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...) + NOT-FOR-US: Autodesk +CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet products wher ...) + NOT-FOR-US: Puppet Enterprise +CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...) + - puppet <unfixed> + [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport) + [buster] - puppet <ignored> (Minor issue, too intrusive to backport) + [stretch] - puppet <ignored> (Minor issue, too intrusive to backport) + NOTE: https://puppet.com/security/cve/cve-2021-27025 + NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1) + NOTE: Limited impact, needs a malformed custom type provider +CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...) + NOT-FOR-US: Continuous Delivery for Puppet Enterprise +CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...) + - puppet <unfixed> + [bullseye] - puppet <ignored> (Minor issue) + [buster] - puppet <ignored> (Minor issue) + [stretch] - puppet <ignored> (Minor issue) + NOTE: https://puppet.com/security/cve/cve-2021-27023 + NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1) + NOTE: Marginal/unclear security implications, the redirects are fully under control of + NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007, + NOTE: but CVE is for curl, which obviously has different scope being a library. 
Plus, all + NOTE: reasonably secure installations use client auth on the agents + NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable +CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...) + - puppet <not-affected> (Only affects Puppet Enterprise) + NOTE: https://puppet.com/security/cve/CVE-2021-27022/ +CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...) + - puppetdb <unfixed> (bug #990419) + [buster] - puppetdb <no-dsa> (Minor issue) + NOTE: https://puppet.com/security/cve/cve-2021-27021/ + NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2 + NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266 + NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb + NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170 +CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...) + - puppet <not-affected> (Only affects Puppet Enterprise) +CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...) + - puppetdb <unfixed> + [buster] - puppetdb <no-dsa> (Minor issue) + NOTE: https://puppet.com/security/cve/CVE-2021-27019/ +CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...) + NOT-FOR-US: Puppet Remediate +CVE-2021-27017 + RESERVED + - puppet <not-affected> (Specific to the Puppet 7.x stack) + NOTE: https://puppet.com/security/cve/CVE-2021-27017/ +CVE-2021-27016 + RESERVED +CVE-2021-27015 + RESERVED +CVE-2021-27014 + RESERVED +CVE-2021-27013 + RESERVED +CVE-2021-27012 + RESERVED +CVE-2021-27011 + RESERVED +CVE-2021-27010 + RESERVED +CVE-2021-27009 + RESERVED +CVE-2021-27008 + RESERVED +CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...) 
+ NOT-FOR-US: NetApp Virtual Desktop Service +CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...) + NOT-FOR-US: StorageGRID +CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...) + NOT-FOR-US: NetAPP +CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...) + NOT-FOR-US: Clustered Data ONTAP (NetApp) +CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...) + NOT-FOR-US: NetApp Cloud Manager +CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8 ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2021-27000 + RESERVED +CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...) + NOT-FOR-US: NetApp Cloud Manager +CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...) + NOT-FOR-US: NetApp Cloud Manager +CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...) + NOT-FOR-US: Clustered Data ONTAP (NetApp) +CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) 
+ NOT-FOR-US: Cloud Manager (NetApp) +CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...) + NOT-FOR-US: Cloud Manager (NetApp) +CVE-2021-26990 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...) + NOT-FOR-US: Cloud Manager (NetApp) +CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...) + NOT-FOR-US: Element Plug-in for vCenter Server +CVE-2021-26986 + RESERVED +CVE-2021-26985 + RESERVED +CVE-2021-26984 + RESERVED +CVE-2021-26983 + RESERVED +CVE-2021-26982 + RESERVED +CVE-2021-26981 + RESERVED +CVE-2021-26980 + RESERVED +CVE-2021-26979 + RESERVED +CVE-2021-26978 + RESERVED +CVE-2021-26977 + RESERVED +CVE-2021-26976 + RESERVED +CVE-2021-26975 + RESERVED +CVE-2021-26974 + RESERVED +CVE-2021-26973 + RESERVED +CVE-2021-26972 + RESERVED +CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...) + NOT-FOR-US: Aruba +CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...) + NOT-FOR-US: Aruba +CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...) + NOT-FOR-US: Aruba +CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) + NOT-FOR-US: Aruba +CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...) + NOT-FOR-US: Aruba +CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...) 
+ NOT-FOR-US: Aruba +CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...) + NOT-FOR-US: Aruba +CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...) + NOT-FOR-US: Aruba +CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) + NOT-FOR-US: Aruba +CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) + NOT-FOR-US: Aruba +CVE-2021-26959 + REJECTED +CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + - rust-xcb <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html +CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + - rust-xcb <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html +CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + - rust-xcb <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html +CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) + - rust-xcb <unfixed> + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html +CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...) + NOT-FOR-US: Rust crate qwutils +CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...) + NOT-FOR-US: Rust crate postscript +CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...) + NOT-FOR-US: Rust crate ms3d +CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...) + NOT-FOR-US: Rust crate calamine +CVE-2021-26944 + RESERVED +CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with t ...) 
+ NOT-FOR-US: UX360CA BIOS +CVE-2021-26942 + RESERVED +CVE-2021-26941 + RESERVED +CVE-2021-26940 + REJECTED +CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...) + NOT-FOR-US: henriquedornas +CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...) + NOT-FOR-US: henriquedornas +CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...) + {DLA-2558-1} + - xterm 366-1 (bug #982439) + [buster] - xterm 344-1+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7 + NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366 + NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c +CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...) + {DSA-4861-1 DLA-2570-1} + - screen 4.8.0-5 (bug #982435) + NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html + NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3 + NOTE: https://savannah.gnu.org/bugs/?60030 + NOTE: First patch applied in -4, but revised patch applied in -5 which fixed regressions +CVE-2021-23219 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-23217 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-23201 (NVIDIA GPU and Tegra hardware contain a vulnerability in an internal m ...) + NOT-FOR-US: NVIDIA +CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...) 
+ - libytnef 1.9.3-3 (bug #982596) + [buster] - libytnef <no-dsa> (Minor issue) + [stretch] - libytnef <no-dsa> (Minor issue) + NOTE: https://github.com/Yeraze/ytnef/issues/86 + NOTE: https://github.com/Yeraze/ytnef/pull/88 + NOTE: https://github.com/Yeraze/ytnef/commit/f9ff4a203b8c155d51a208cadadb62f224fba715 +CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...) + - libytnef 1.9.3-3 (bug #982594) + [buster] - libytnef <no-dsa> (Minor issue) + [stretch] - libytnef <no-dsa> (Minor issue) + NOTE: https://github.com/Yeraze/ytnef/issues/85 + NOTE: https://github.com/Yeraze/ytnef/pull/87 + NOTE: https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7 +CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...) + NOT-FOR-US: ReplaySorcery +CVE-2021-26935 (In WoWonder < 3.1, remote attackers can gain access to the database ...) + NOT-FOR-US: WoWonder +CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...) + - linux <unfixed> (unimportant) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://xenbits.xen.org/xsa/advisory-363.html + NOTE: Driver never was meant to be supported and the patch in src:xen will only + NOTE: update SUPPORT.md to explicitly document the fact. +CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...) + {DSA-4888-1} + - xen 4.14.1+11-gb0b734a8b3-1 + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-364.html +CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.19-1 + [buster] - linux 4.19.177-1 + NOTE: https://xenbits.xen.org/xsa/advisory-361.html +CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...) 
+ {DLA-2610-1 DLA-2586-1} + - linux 5.10.19-1 + [buster] - linux 4.19.177-1 + NOTE: https://xenbits.xen.org/xsa/advisory-362.html +CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...) + {DLA-2610-1 DLA-2586-1} + - linux 5.10.19-1 + [buster] - linux 4.19.177-1 + NOTE: https://xenbits.xen.org/xsa/advisory-365.html +CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...) + {DLA-2564-1} + - php-horde-text-filter 2.3.7-1 (bug #982769) + [buster] - php-horde-text-filter 2.3.5-3+deb10u2 + NOTE: https://lists.horde.org/archives/announce/2021/001298.html + NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master) + NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7) + NOTE: https://www.alexbirnberg.com/horde-xss.html +CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...) + NOT-FOR-US: Disputed BIRD issue +CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/265 + NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b +CVE-2021-26926 (A flaw was found in jasper before 2.0.25. An out of bounds read issue ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/264 + NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b +CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...) 
+ - roundcube 1.4.11+dfsg.1-1 + [buster] - roundcube <not-affected> (Vulnerable code introduced later) + [stretch] - roundcube <not-affected> (Vulnerable code introduced later) + NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11 + NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 +CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...) + NOT-FOR-US: Argo CD +CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...) + NOT-FOR-US: Argo CD +CVE-2021-26922 + RESERVED +CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...) + NOT-FOR-US: Argo CD +CVE-2021-26920 (In the Druid ingestion system, the InputSource is used for reading dat ...) + - druid <itp> (bug #825797) +CVE-2021-26919 (Apache Druid allows users to read data from other database systems usi ...) + - druid <itp> (bug #825797) +CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...) + NOT-FOR-US: ProBot bot +CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...) + NOT-FOR-US: PyBitmessage +CVE-2021-26916 (In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon comp ...) + NOT-FOR-US: nopCommerce +CVE-2021-26915 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) + NOT-FOR-US: NetMotion Mobility +CVE-2021-26914 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) + NOT-FOR-US: NetMotion Mobility +CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) + NOT-FOR-US: NetMotion Mobility +CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...) + NOT-FOR-US: NetMotion Mobility +CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...) 
+ NOT-FOR-US: Canary Mail +CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...) + NOT-FOR-US: Automox Agent +CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...) + NOT-FOR-US: Automox Agent +CVE-2021-26907 + RESERVED +CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...) + - asterisk 1:16.16.1~dfsg-1 (bug #983159) + [buster] - asterisk <postponed> (Minor issue) + [stretch] - asterisk <no-dsa> (Minor issue) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196 +CVE-2021-3402 (An integer overflow and several buffer overflow reads in libyara/modul ...) + - yara 4.0.4-1 + [buster] - yara <no-dsa> (Minor issue) + [stretch] - yara <postponed> (Minor issue; can be fixed with next DLA) + NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/ +CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...) + NOT-FOR-US: 1Password SCIM Bridge +CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...) + NOT-FOR-US: LMA ISIDA Retriever +CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...) + NOT-FOR-US: LMA ISIDA Retriever +CVE-2021-26902 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26901 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26900 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-26899 (Windows UPnP Device Host Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26898 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-26897 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26896 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-26895 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26894 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26893 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26892 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-26891 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26890 (Application Virtualization Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26889 (Windows Update Stack Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26888 + RESERVED +CVE-2021-26887 (Microsoft Windows Folder Redirection Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-26886 (User Profile Service Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26885 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26884 (Windows Media Photo Codec Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26883 + RESERVED +CVE-2021-26882 (Remote Access API Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26881 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26880 (Storage Spaces Controller Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26879 (Windows NAT Denial of Service Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-26878 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26877 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26876 (OpenType Font Parsing Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26875 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-26874 (Windows Overlay Filter Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26873 (Windows User Profile Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26872 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26871 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26870 (Windows Projected File System Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26869 (Windows ActiveX Installer Service Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26868 (Windows Graphics Component Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26867 (Windows Hyper-V Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26866 (Windows Update Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26865 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26864 (Windows Virtual Registry Provider Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26863 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-26862 (Windows Installer Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-26861 (Windows Graphics Component Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26860 (Windows App-V Overlay Filter Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26859 (Microsoft Power BI Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-26857 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-26856 + RESERVED +CVE-2021-26855 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-26854 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-26853 + RESERVED +CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...) + {DSA-4849-1 DLA-2554-1} + - firejail 0.9.64.4-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5 + NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b + NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt + NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ +CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...) + {DSA-4859-1} + - libzstd 1.4.8+dfsg-2 (bug #982519) + [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied) + NOTE: https://github.com/facebook/zstd/issues/2491 +CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...) 
+ {DSA-4850-1 DLA-2573-1} + - libzstd 1.4.8+dfsg-1 (bug #981404) + NOTE: https://github.com/facebook/zstd/issues/1630 +CVE-2021-26852 + RESERVED +CVE-2021-26851 + RESERVED +CVE-2021-26850 + RESERVED +CVE-2021-26849 + RESERVED +CVE-2021-26848 + RESERVED +CVE-2021-26847 + RESERVED +CVE-2021-26846 + RESERVED +CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...) + NOT-FOR-US: Hitachi +CVE-2021-26844 (A cross-site scripting (XSS) vulnerability in Power Admin PA Server Mo ...) + NOT-FOR-US: Power Admin PA Server Monitor +CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...) + - thttpd <removed> +CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...) + - rust-hyper <unfixed> (bug #988729) + NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html +CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...) + - glib2.0 2.66.7-1 (bug #982779) + [buster] - glib2.0 2.58.3-2+deb10u3 + [stretch] - glib2.0 <postponed> (fix along with CVE-2021-27219) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 + NOTE: Test case depends on CVE-2021-27219 fix +CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...) 
+ - glib2.0 2.66.6-1 (bug #982778) + [buster] - glib2.0 2.58.3-2+deb10u3 + [stretch] - glib2.0 <postponed> (requires fixing vulnerable rdeps, follow buster strategy) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319 + NOTE: Fix introduces new API 'g_memdup2' + NOTE: Fix backport in 2.66.7 adds 'g_memdup2' for internal use but does not allow fixing reverse-dependencies using vulnerable 'g_memdup' +CVE-2021-26842 + RESERVED +CVE-2021-26841 + RESERVED +CVE-2021-26840 + RESERVED +CVE-2021-26839 + RESERVED +CVE-2021-26838 + RESERVED +CVE-2021-26837 + RESERVED +CVE-2021-26836 + RESERVED +CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...) + NOT-FOR-US: Zettlr +CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...) + NOT-FOR-US: Znote +CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...) + NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills +CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...) + NOT-FOR-US: Priority Enterprise Management System +CVE-2021-26831 + RESERVED +CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...) + NOT-FOR-US: Tribalsystems Zenario CMS +CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) + NOT-FOR-US: OpenPLC ScadaBR +CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...) + NOT-FOR-US: OpenPLC ScadaBR +CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...) + NOT-FOR-US: TP-Link +CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...) 
+ - godot <unfixed> (bug #982593) + [bullseye] - godot <no-dsa> (Minor issue) + [buster] - godot <no-dsa> (Minor issue) + NOTE: https://github.com/godotengine/godot/pull/45701 + NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master) + NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2) +CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...) + - godot <unfixed> (bug #982593) + [bullseye] - godot <no-dsa> (Minor issue) + [buster] - godot <no-dsa> (Minor issue) + NOTE: https://github.com/godotengine/godot/pull/45701 + NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master) + NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2) +CVE-2021-26824 (DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to impro ...) + NOT-FOR-US: DM FingerTool +CVE-2021-26823 + RESERVED +CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL injection v ...) + NOT-FOR-US: Teachers Record Management System +CVE-2021-26821 + RESERVED +CVE-2021-26820 + RESERVED +CVE-2021-26819 + RESERVED +CVE-2021-26818 + RESERVED +CVE-2021-26817 + RESERVED +CVE-2021-26816 + RESERVED +CVE-2021-26815 + RESERVED +CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...) + NOT-FOR-US: Wazuh +CVE-2021-26813 (markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...) 
+ - python-markdown2 2.3.10-1.1 (bug #984668) + [buster] - python-markdown2 <no-dsa> (Minor issue) + NOTE: https://github.com/trentm/python-markdown2/pull/387 + NOTE: https://github.com/trentm/python-markdown2/commit/96dff22341489459c8cb832fdfd066a588ec23bf + NOTE: https://github.com/trentm/python-markdown2/commit/e1954d3a345fc7a4ccc113bd58f7df81ad63b6ec + NOTE: https://github.com/trentm/python-markdown2/commit/c4b4ccb3f9da33f29b013d6d765fd223a8277cfe +CVE-2021-26812 (Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin ...) + NOT-FOR-US: Moodle plugin +CVE-2021-26811 + RESERVED +CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnera ...) + NOT-FOR-US: D-link +CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...) + NOT-FOR-US: PHPGurukul Car Rental Project +CVE-2021-26808 + RESERVED +CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...) + NOT-FOR-US: GOG Galaxy client +CVE-2021-26806 + RESERVED +CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...) + NOT-FOR-US: tsMuxer +CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 2 ...) + - centreon-web <itp> (bug #913903) +CVE-2021-26803 + RESERVED +CVE-2021-26802 + RESERVED +CVE-2021-26801 + RESERVED +CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...) + NOT-FOR-US: phpgurukul +CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...) + NOT-FOR-US: Omeka +CVE-2021-26798 + RESERVED +CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.2014 ...) + NOT-FOR-US: Hame SD1 Wi-Fi firmware +CVE-2021-26796 + RESERVED +CVE-2021-26795 (A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX s ...) 
+ NOT-FOR-US: TalariaX sendQuick Alert Plus Server Admin +CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...) + NOT-FOR-US: FrogCMS SentCMS +CVE-2021-26793 + RESERVED +CVE-2021-26792 + RESERVED +CVE-2021-26791 + RESERVED +CVE-2021-26790 + RESERVED +CVE-2021-26789 + RESERVED +CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...) + NOT-FOR-US: Oryx Embedded CycloneTCP +CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys Workforce Manage ...) + NOT-FOR-US: Genesys Workforce Management +CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...) + NOT-FOR-US: PlayTube +CVE-2021-26785 + RESERVED +CVE-2021-26784 + RESERVED +CVE-2021-26783 + RESERVED +CVE-2021-26782 + RESERVED +CVE-2021-26781 + RESERVED +CVE-2021-26780 + RESERVED +CVE-2021-26779 + RESERVED +CVE-2021-26778 + RESERVED +CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...) + NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare +CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: CSZ CMS +CVE-2021-26775 + RESERVED +CVE-2021-26774 + RESERVED +CVE-2021-26773 + RESERVED +CVE-2021-26772 + RESERVED +CVE-2021-26771 + RESERVED +CVE-2021-26770 + RESERVED +CVE-2021-26769 + RESERVED +CVE-2021-26768 + RESERVED +CVE-2021-26767 + RESERVED +CVE-2021-26766 + RESERVED +CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...) + NOT-FOR-US: PHPGurukul Student Record System +CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record System v 4.0 ...) + NOT-FOR-US: PHPGurukul Student Record System +CVE-2021-26763 + RESERVED +CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...) 
+ NOT-FOR-US: PHPGurukul Student Record System +CVE-2021-26761 + RESERVED +CVE-2021-26760 + RESERVED +CVE-2021-26759 + RESERVED +CVE-2021-26758 (Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web serve ...) + NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed +CVE-2021-26757 + RESERVED +CVE-2021-26756 + RESERVED +CVE-2021-26755 + RESERVED +CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...) + NOT-FOR-US: wpDataTables WordPress plugin +CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...) + NOT-FOR-US: NeDi +CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...) + NOT-FOR-US: NeDi +CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...) + NOT-FOR-US: NeDi +CVE-2021-26750 (DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Pa ...) + NOT-FOR-US: Panda Agent +CVE-2021-26749 + RESERVED +CVE-2021-26748 + RESERVED +CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...) + NOT-FOR-US: Netis devices +CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...) + NOT-FOR-US: Chamilo +CVE-2021-26745 + RESERVED +CVE-2021-26744 + RESERVED +CVE-2021-26743 + RESERVED +CVE-2021-26742 + RESERVED +CVE-2021-26741 + RESERVED +CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...) + NOT-FOR-US: doyocms +CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...) 
+ NOT-FOR-US: doyocms +CVE-2021-26738 + RESERVED +CVE-2021-26737 + RESERVED +CVE-2021-26736 + RESERVED +CVE-2021-26735 + RESERVED +CVE-2021-26734 + RESERVED +CVE-2021-26733 + RESERVED +CVE-2021-26732 + RESERVED +CVE-2021-26731 + RESERVED +CVE-2021-26730 + RESERVED +CVE-2021-26729 + RESERVED +CVE-2021-26728 + RESERVED +CVE-2021-26727 + RESERVED +CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...) + NOT-FOR-US: Valmet +CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) + NOT-FOR-US: Nozomi Networks Guardian +CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) + NOT-FOR-US: Nozomi Networks Guardian +CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...) + NOT-FOR-US: Jenzabar +CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...) + NOT-FOR-US: LinkedIn Oncall +CVE-2021-26721 + RESERVED +CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...) + - avahi 0.8-4 + [buster] - avahi 0.7-4+deb10u1 + [stretch] - avahi <postponed> (fix in next DLA - removal of .sh script) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2 + NOTE: Fixed by removing the avahi-daemon-check-dns.sh script. +CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...) + NOT-FOR-US: gradle-enterprise-test-distribution-agent +CVE-2021-26718 (KIS for macOS in some use cases was vulnerable to AV bypass that poten ...) + NOT-FOR-US: KIS for macOS +CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...) 
+ - asterisk 1:16.16.1~dfsg-1 (bug #983157) + [buster] - asterisk <not-affected> (Introduced in 16.15.0) + [stretch] - asterisk <not-affected> (Introduced in 16.15.0) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html +CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS ...) + NOT-FOR-US: Emoncms +CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...) + NOT-FOR-US: MITREid Connect +CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3 +CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...) + - asterisk <not-affected> (Only affects 16.16.0 onwards) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html +CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...) + - asterisk <not-affected> (Only affects 16.16) + NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html +CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...) + NOT-FOR-US: Redwood Report2Web +CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...) + NOT-FOR-US: Redwood Report2Web +CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_ ...) + NOT-FOR-US: D-Link +CVE-2021-26707 (The merge-deep library before 3.0.3 for Node.js can be tricked into ov ...) + NOT-FOR-US: Node deep-merge +CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...) + NOT-FOR-US: Micrium +CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...) + NOT-FOR-US: SquareBox CatDV Server +CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...) 
+ NOT-FOR-US: EPrints +CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) + NOT-FOR-US: EPrints +CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset param ...) + NOT-FOR-US: EPrints +CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows S ...) + NOT-FOR-US: OX App Suite +CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + NOT-FOR-US: OX App Suite +CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...) + - linux 5.10.13-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5 + NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446 +CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...) + - airflow <itp> (bug #819700) +CVE-2021-26696 + RESERVED +CVE-2021-26695 + RESERVED +CVE-2021-26694 + RESERVED +CVE-2021-26693 + RESERVED +CVE-2021-26692 + RESERVED +CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...) + {DSA-4937-1 DLA-2706-1} + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691 + NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b +CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...) 
+ {DSA-4937-1 DLA-2706-1} + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690 + NOTE: https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8 +CVE-2021-26249 + RESERVED +CVE-2021-23202 + RESERVED +CVE-2021-23141 + RESERVED +CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to execute arb ...) + - bitcoin 0.20.1~dfsg-1 +CVE-2021-3400 + RESERVED +CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android OS 10 s ...) + NOT-FOR-US: LG Wing mobile devices +CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2021-26686 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...) + NOT-FOR-US: Aruba +CVE-2021-26685 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...) + NOT-FOR-US: Aruba +CVE-2021-26684 (A remote authenticated command injection vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-26683 (A remote authenticated command injection vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-26682 (A remote reflected cross-site scripting (XSS) vulnerability was discov ...) + NOT-FOR-US: Aruba +CVE-2021-26681 (A remote authenticated command Injection vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-26680 (A remote authenticated command injection vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-26679 (A remote authenticated command injection vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-26678 (A remote unauthenticated stored cross-site scripting (XSS) vulnerabili ...) + NOT-FOR-US: Aruba +CVE-2021-26677 (A local authenticated escalation of privilege vulnerability was discov ...) 
+ NOT-FOR-US: Aruba +CVE-2021-3399 + RESERVED +CVE-2021-3398 (Stormshield Network Security (SNS) 3.x has an Integer Overflow in the ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-3397 + RESERVED +CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...) + - opennms <itp> (bug #450615) +CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...) + {DSA-4847-1 DLA-2552-1} + - connman 1.36-2.1 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 +CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...) + {DSA-4847-1 DLA-2552-1} + - connman 1.36-2.1 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb +CVE-2021-26674 + RESERVED +CVE-2021-26673 + RESERVED +CVE-2021-26672 + RESERVED +CVE-2021-26671 + RESERVED +CVE-2021-26670 + RESERVED +CVE-2021-26669 + RESERVED +CVE-2021-26668 + RESERVED +CVE-2021-26667 + RESERVED +CVE-2021-26666 + RESERVED +CVE-2021-26665 + RESERVED +CVE-2021-26664 + RESERVED +CVE-2021-26663 + RESERVED +CVE-2021-26662 + RESERVED +CVE-2021-26661 + RESERVED +CVE-2021-26660 + RESERVED +CVE-2021-26659 + RESERVED +CVE-2021-26658 + RESERVED +CVE-2021-26657 + RESERVED +CVE-2021-26656 + RESERVED +CVE-2021-26655 + RESERVED +CVE-2021-26654 + RESERVED +CVE-2021-26653 + RESERVED +CVE-2021-26652 + RESERVED +CVE-2021-26651 + RESERVED +CVE-2021-26650 + RESERVED +CVE-2021-26649 + RESERVED +CVE-2021-26648 + RESERVED +CVE-2021-26647 + RESERVED +CVE-2021-26646 + RESERVED +CVE-2021-26645 + RESERVED +CVE-2021-26644 + RESERVED +CVE-2021-26643 + RESERVED +CVE-2021-26642 + RESERVED +CVE-2021-26641 + RESERVED +CVE-2021-26640 + RESERVED +CVE-2021-26639 + RESERVED +CVE-2021-26638 + RESERVED +CVE-2021-26637 + RESERVED 
+CVE-2021-26636 + RESERVED +CVE-2021-26635 + RESERVED +CVE-2021-26634 + RESERVED +CVE-2021-26633 + RESERVED +CVE-2021-26632 + RESERVED +CVE-2021-26631 + RESERVED +CVE-2021-26630 + RESERVED +CVE-2021-26629 + RESERVED +CVE-2021-26628 + RESERVED +CVE-2021-26627 + RESERVED +CVE-2021-26626 + RESERVED +CVE-2021-26625 + RESERVED +CVE-2021-26624 + RESERVED +CVE-2021-26623 + RESERVED +CVE-2021-26622 + RESERVED +CVE-2021-26621 + RESERVED +CVE-2021-26620 + RESERVED +CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...) + NOT-FOR-US: BigFileAgent +CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...) + NOT-FOR-US: ToWord of ToOffice +CVE-2021-26617 + RESERVED +CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...) + NOT-FOR-US: SecuwaySSL client for MacOS +CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...) + NOT-FOR-US: ARK library +CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...) + NOT-FOR-US: IpTime C200 camera +CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...) + NOT-FOR-US: Tobesoft Nexacro +CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...) + NOT-FOR-US: Tobesoft Nexacro +CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...) + NOT-FOR-US: HejHome GKW-IC052 IP Camera +CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...) + NOT-FOR-US: godomall5 +CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) + NOT-FOR-US: WordPress plugin +CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...) + NOT-FOR-US: handysoft +CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...) 
+ NOT-FOR-US: NEXACRO17 +CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...) + NOT-FOR-US: Dream Security +CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...) + NOT-FOR-US: ezPDFReader +CVE-2021-26604 + RESERVED +CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co., Ltd w ...) + NOT-FOR-US: bandisoft +CVE-2021-26602 + RESERVED +CVE-2021-26601 + RESERVED +CVE-2021-26600 + RESERVED +CVE-2021-26599 + RESERVED +CVE-2021-26598 + RESERVED +CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...) + NOT-FOR-US: Pryaniki +CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...) + NOT-FOR-US: Millennium Millewin +CVE-2021-3393 (An information leak was discovered in postgresql in versions before 13 ...) + - postgresql-13 13.2-1 + - postgresql-11 <removed> + [buster] - postgresql-11 11.11-0+deb10u1 + NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ +CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...) + {DLA-2623-1} + - qemu 1:5.2+dfsg-10 (bug #984449) + [buster] - qemu <postponed> (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html + NOTE: https://bugs.launchpad.net/qemu/+bug/1914236 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d +CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...) + NOT-FOR-US: Nokia NetAct 18A +CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...) + NOT-FOR-US: Nokia NetAct 18A +CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) + NOT-FOR-US: Directus +CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) 
+ NOT-FOR-US: Directus +CVE-2021-26593 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...) + NOT-FOR-US: Directus +CVE-2021-26592 + RESERVED +CVE-2021-26591 + RESERVED +CVE-2021-26590 + RESERVED +CVE-2021-26589 (A potential security vulnerability has been identified in HPE Superdom ...) + NOT-FOR-US: HPE +CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...) + NOT-FOR-US: HPE +CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...) + NOT-FOR-US: HPE StoreOnce +CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...) + NOT-FOR-US: HPE +CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...) + NOT-FOR-US: HPE +CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...) + NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC) +CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...) + NOT-FOR-US: HPE +CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...) + NOT-FOR-US: HPE +CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...) + NOT-FOR-US: HPE +CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...) + NOT-FOR-US: HPE +CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...) + NOT-FOR-US: HPE +CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...) + NOT-FOR-US: HPE Network Orchestrator (NetO) +CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26576 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26575 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) 
+ NOT-FOR-US: HPE +CVE-2021-26574 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_comm_co ...) + NOT-FOR-US: Synology +CVE-2021-26568 + RESERVED +CVE-2021-26567 (Stack-based buffer overflow vulnerability in frontend/main.c in faad2 ...) + NOT-FOR-US: Synology +CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...) + NOT-FOR-US: Synology +CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...) + NOT-FOR-US: Synology +CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...) + NOT-FOR-US: Synology +CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...) + NOT-FOR-US: Synology +CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...) + NOT-FOR-US: Synology +CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...) + NOT-FOR-US: Synology +CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...) + NOT-FOR-US: Synology +CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...) + - airflow <itp> (bug #819700) +CVE-2021-26558 (Deserialization of Untrusted Data vulnerability of Apache ShardingSphe ...) + NOT-FOR-US: Apache ShardingSphere-UI +CVE-2021-3391 (MobileIron Mobile@Work through 2021-03-22 allows attackers to distingu ...) 
+ NOT-FOR-US: MobileIron Mobile@Work +CVE-2021-3390 + RESERVED +CVE-2021-3389 + RESERVED +CVE-2021-3388 + RESERVED +CVE-2021-3387 + RESERVED +CVE-2021-26557 (When Octopus Tentacle is installed using a custom folder location, fol ...) + NOT-FOR-US: Octopus Tentacle +CVE-2021-26556 (When Octopus Server is installed using a custom folder location, folde ...) + NOT-FOR-US: Octopus Server +CVE-2021-26555 + RESERVED +CVE-2021-26554 + RESERVED +CVE-2021-26553 + RESERVED +CVE-2021-26552 + RESERVED +CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...) + NOT-FOR-US: SmartFoxServer +CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...) + NOT-FOR-US: SmartFoxServer +CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...) + NOT-FOR-US: SmartFoxServer +CVE-2021-3386 + RESERVED +CVE-2021-3385 + RESERVED +CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an attacke ...) + NOT-FOR-US: Stormshield Network Security +CVE-2021-3383 + RESERVED +CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...) + - gitea <removed> +CVE-2021-3381 + RESERVED +CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...) + NOT-FOR-US: ICREM H8 SSRMS +CVE-2021-26548 + RESERVED +CVE-2021-26547 + RESERVED +CVE-2021-26546 + RESERVED +CVE-2021-26545 + RESERVED +CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...) + NOT-FOR-US: Apache Livy +CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command i ...) + NOT-FOR-US: git-parse nodejs module +CVE-2021-26542 + RESERVED +CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...) + NOT-FOR-US: Node gitlog +CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...) 
+ - node-sanitize-html <not-affected> (Fixed before initial upload) +CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...) + - node-sanitize-html <not-affected> (Fixed before initial upload) +CVE-2021-3379 + RESERVED +CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...) + NOT-FOR-US: FortiLogger +CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...) + - node-ansi-up 5.0.0+dfsg-1 (bug #984667) +CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...) + NOT-FOR-US: Cuppa CMS +CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...) + NOT-FOR-US: ActivePresenter +CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...) + NOT-FOR-US: RStudio Shiny Server +CVE-2021-3373 + RESERVED +CVE-2021-3372 + RESERVED +CVE-2021-3371 + RESERVED +CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: DouPHP +CVE-2021-3369 + RESERVED +CVE-2021-3368 + RESERVED +CVE-2021-3367 + RESERVED +CVE-2021-3366 + RESERVED +CVE-2021-3365 + RESERVED +CVE-2021-3364 + RESERVED +CVE-2021-3363 + RESERVED +CVE-2021-3362 + RESERVED +CVE-2021-3361 + RESERVED +CVE-2021-3360 + RESERVED +CVE-2021-3359 + RESERVED +CVE-2021-3358 + RESERVED +CVE-2021-3357 + RESERVED +CVE-2021-3356 + RESERVED +CVE-2021-3355 (A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to e ...) + NOT-FOR-US: LightCMS +CVE-2021-3354 + RESERVED +CVE-2021-3353 + RESERVED +CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...) + NOT-FOR-US: Mitel +CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...) + NOT-FOR-US: OpenPLC +CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...) 
+ NOT-FOR-US: Delete Account plugin for MyBB +CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...) + - evolution <unfixed> (unimportant) + NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely + NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is + NOTE: needed to adress it on evolution's side. + NOTE: https://dev.gnupg.org/T4735 + NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299 + NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html +CVE-2021-26538 + RESERVED +CVE-2021-26537 + RESERVED +CVE-2021-26536 + RESERVED +CVE-2021-26535 + RESERVED +CVE-2021-26534 + RESERVED +CVE-2021-26533 + RESERVED +CVE-2021-26532 + RESERVED +CVE-2021-26531 + RESERVED +CVE-2021-26530 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...) + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 +CVE-2021-26529 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...) + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 +CVE-2021-26528 (The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...) 
+ NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 +CVE-2021-26527 + RESERVED +CVE-2021-26526 + RESERVED +CVE-2021-26525 + RESERVED +CVE-2021-26524 + RESERVED +CVE-2021-26523 + RESERVED +CVE-2021-26522 + RESERVED +CVE-2021-26521 + RESERVED +CVE-2021-26520 + RESERVED +CVE-2021-26519 + RESERVED +CVE-2021-26518 + RESERVED +CVE-2021-26517 + RESERVED +CVE-2021-26516 + RESERVED +CVE-2021-26515 + RESERVED +CVE-2021-26514 + RESERVED +CVE-2021-26513 + RESERVED +CVE-2021-26512 + RESERVED +CVE-2021-26511 + RESERVED +CVE-2021-26510 + RESERVED +CVE-2021-26509 + RESERVED +CVE-2021-26508 + RESERVED +CVE-2021-26507 + RESERVED +CVE-2021-26506 + RESERVED +CVE-2021-26505 + RESERVED +CVE-2021-26504 + RESERVED +CVE-2021-26503 + RESERVED +CVE-2021-26502 + RESERVED +CVE-2021-26501 + RESERVED +CVE-2021-26500 + RESERVED +CVE-2021-26499 + RESERVED +CVE-2021-26498 + RESERVED +CVE-2021-26497 + RESERVED +CVE-2021-26496 + RESERVED +CVE-2021-26495 + RESERVED +CVE-2021-26494 + RESERVED +CVE-2021-26493 + RESERVED +CVE-2021-26492 + RESERVED +CVE-2021-26491 + RESERVED +CVE-2021-26490 + RESERVED +CVE-2021-26489 + RESERVED +CVE-2021-26488 + RESERVED +CVE-2021-26487 + RESERVED +CVE-2021-26486 + RESERVED +CVE-2021-26485 + RESERVED +CVE-2021-26484 + RESERVED +CVE-2021-26483 + RESERVED +CVE-2021-26482 + RESERVED +CVE-2021-26481 + RESERVED +CVE-2021-26480 + RESERVED +CVE-2021-26479 + RESERVED +CVE-2021-26478 + RESERVED +CVE-2021-26477 + RESERVED +CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via craft ...) + NOT-FOR-US: EPrints +CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...) + NOT-FOR-US: EPrints +CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...) + NOT-FOR-US: Vembu BDR Suite +CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http ...) 
+ NOT-FOR-US: Vembu BDR Suite +CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...) + NOT-FOR-US: Vembu BDR Suite +CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...) + NOT-FOR-US: Vembu BDR Suite +CVE-2021-26470 + RESERVED +CVE-2021-26469 + RESERVED +CVE-2021-26468 + RESERVED +CVE-2021-26467 + RESERVED +CVE-2021-26466 + RESERVED +CVE-2021-26465 + RESERVED +CVE-2021-26464 + RESERVED +CVE-2021-26463 + RESERVED +CVE-2021-26462 + RESERVED +CVE-2021-26461 (Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-a ...) + NOT-FOR-US: Apache NuttX +CVE-2021-26460 + RESERVED +CVE-2021-26459 + RESERVED +CVE-2021-26458 + RESERVED +CVE-2021-26457 + RESERVED +CVE-2021-26456 + RESERVED +CVE-2021-26455 + RESERVED +CVE-2021-26454 + RESERVED +CVE-2021-26453 + RESERVED +CVE-2021-26452 + RESERVED +CVE-2021-26451 + RESERVED +CVE-2021-26450 + RESERVED +CVE-2021-26449 + RESERVED +CVE-2021-26448 + RESERVED +CVE-2021-26447 + RESERVED +CVE-2021-26446 + RESERVED +CVE-2021-26445 + RESERVED +CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Siemens +CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Siemens +CVE-2021-26440 + RESERVED +CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26438 + RESERVED +CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Siemens +CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...) + NOT-FOR-US: Microsoft +CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...) + NOT-FOR-US: Microsoft +CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-26410 + RESERVED +CVE-2021-26409 + RESERVED +CVE-2021-26408 + RESERVED +CVE-2021-26407 + RESERVED +CVE-2021-26406 + RESERVED +CVE-2021-26405 + RESERVED +CVE-2021-26404 + RESERVED +CVE-2021-26403 + RESERVED +CVE-2021-26402 + RESERVED +CVE-2021-26401 + RESERVED +CVE-2021-26400 + RESERVED +CVE-2021-26399 + RESERVED +CVE-2021-26398 + RESERVED +CVE-2021-26397 + RESERVED +CVE-2021-26396 + RESERVED +CVE-2021-26395 + RESERVED +CVE-2021-26394 + RESERVED +CVE-2021-26393 + RESERVED +CVE-2021-26392 + RESERVED +CVE-2021-26391 + RESERVED +CVE-2021-26390 + RESERVED +CVE-2021-26389 + RESERVED +CVE-2021-26388 + RESERVED +CVE-2021-26387 + RESERVED +CVE-2021-26386 + RESERVED +CVE-2021-26385 + RESERVED +CVE-2021-26384 + RESERVED +CVE-2021-26383 + RESERVED +CVE-2021-26382 + RESERVED +CVE-2021-26381 + RESERVED +CVE-2021-26380 + RESERVED +CVE-2021-26379 + RESERVED +CVE-2021-26378 + RESERVED +CVE-2021-26377 + RESERVED +CVE-2021-26376 + RESERVED +CVE-2021-26375 + RESERVED +CVE-2021-26374 + RESERVED +CVE-2021-26373 + RESERVED +CVE-2021-26372 + RESERVED +CVE-2021-26371 + RESERVED +CVE-2021-26370 + RESERVED +CVE-2021-26369 + RESERVED +CVE-2021-26368 + RESERVED +CVE-2021-26367 + RESERVED +CVE-2021-26366 + RESERVED +CVE-2021-26365 + RESERVED +CVE-2021-26364 + RESERVED +CVE-2021-26363 + RESERVED +CVE-2021-26362 + RESERVED +CVE-2021-26361 + RESERVED +CVE-2021-26360 + 
RESERVED +CVE-2021-26359 + RESERVED +CVE-2021-26358 + RESERVED +CVE-2021-26357 + RESERVED +CVE-2021-26356 + RESERVED +CVE-2021-26355 + RESERVED +CVE-2021-26354 + RESERVED +CVE-2021-26353 + RESERVED +CVE-2021-26352 + RESERVED +CVE-2021-26351 + RESERVED +CVE-2021-26350 + RESERVED +CVE-2021-26349 + RESERVED +CVE-2021-26348 + RESERVED +CVE-2021-26347 + RESERVED +CVE-2021-26346 + RESERVED +CVE-2021-26345 + RESERVED +CVE-2021-26344 + RESERVED +CVE-2021-26343 + RESERVED +CVE-2021-26342 + RESERVED +CVE-2021-26341 + RESERVED +CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...) + NOT-FOR-US: AMD +CVE-2021-26339 + RESERVED +CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...) + NOT-FOR-US: AMD +CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) + NOT-FOR-US: AMD +CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...) + NOT-FOR-US: AMD +CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...) + NOT-FOR-US: AMD +CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower ...) + NOT-FOR-US: AMD +CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...) + NOT-FOR-US: AMD +CVE-2021-26332 + RESERVED +CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...) + NOT-FOR-US: AMD +CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...) + NOT-FOR-US: AMD +CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...) + NOT-FOR-US: AMD +CVE-2021-26328 + RESERVED +CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...) + NOT-FOR-US: AMD +CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...) 
+ NOT-FOR-US: AMD +CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...) + NOT-FOR-US: AMD +CVE-2021-26324 + RESERVED +CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...) + NOT-FOR-US: AMD +CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...) + NOT-FOR-US: AMD +CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...) + NOT-FOR-US: AMD +CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...) + NOT-FOR-US: AMD +CVE-2021-26319 + RESERVED +CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...) + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017 + TODO: check details and if mitigation in microcode/kernel exists +CVE-2021-26317 + RESERVED +CVE-2021-26316 + RESERVED +CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...) + NOT-FOR-US: AMD +CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...) + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 + NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in + NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). +CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...) + {DSA-4931-1} + - xen 4.14.2+25-gb6a8c4f72d-1 + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-375.html + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003 +CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...) + NOT-FOR-US: AMD +CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...) + NOT-FOR-US: AMD +CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...) 
+ NOT-FOR-US: Foris +CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...) + NOT-FOR-US: OpenShift +CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possibl ...) + NOT-FOR-US: TeamCity IntelliJ plugin +CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ before 2020 ...) + NOT-FOR-US: TeamCity IntelliJ plugin +CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...) + [experimental] - libgcrypt20 1.9.1-1 (bug #981370) + - libgcrypt20 <not-affected> (Only affected 1.9) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2145 + NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html + NOTE: https://dev.gnupg.org/T5275 + NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13 + NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08 +CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...) + {DLA-2610-1} + - linux 5.10.13-1 + [buster] - linux 4.19.177-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6) +CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...) + {DSA-4843-1 DLA-2586-1 DLA-2557-1} + - linux 5.10.12-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1 +CVE-2021-3343 + RESERVED +CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) + NOT-FOR-US: EPrints +CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...) + NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows +CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...) 
+ NOT-FOR-US: Wikindx +CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...) + NOT-FOR-US: ModernFlow +CVE-2021-3338 + RESERVED +CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...) + NOT-FOR-US: MyBB +CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...) + - wolfssl 4.6.0-3 + NOTE: https://github.com/wolfSSL/wolfssl/pull/3676 +CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...) + NOT-FOR-US: Rust marc +CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) + NOT-FOR-US: Rust raw-cpuid +CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...) + NOT-FOR-US: Rust raw-cpuid +CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...) + NOT-FOR-US: Rust Deserializer::read_vec +CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) + NOT-FOR-US: PHPGurukul Daily Expense Tracker System +CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) + NOT-FOR-US: PHPGurukul Daily Expense Tracker System +CVE-2021-26302 + RESERVED +CVE-2021-26301 + RESERVED +CVE-2021-26300 + RESERVED +CVE-2021-26299 + RESERVED +CVE-2021-3335 + RESERVED +CVE-2021-3334 + RESERVED +CVE-2021-26298 + RESERVED +CVE-2021-26297 + RESERVED +CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...) + NOT-FOR-US: Apache MyFaces +CVE-2021-26295 (Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthen ...) + NOT-FOR-US: Apache OFBiz +CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...) + NOT-FOR-US: Open-AudIT +CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protection me ...) 
+ NOT-FOR-US: WPS Hide Logi +CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...) + NOT-FOR-US: WinSCP +CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3329 + RESERVED +CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...) + NOT-FOR-US: Aprelium Abyss Web Server +CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...) + NOT-FOR-US: Ovation Dynamic Content +CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...) + NOT-FOR-US: AfterLogic Aurora +CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) + NOT-FOR-US: AfterLogic Aurora +CVE-2021-26292 + RESERVED +CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...) + - maven <unfixed> (bug #988155) + [bullseye] - maven <no-dsa> (Minor issue) + [buster] - maven <no-dsa> (Minor issue) + [stretch] - maven <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/23/5 + NOTE: https://issues.apache.org/jira/browse/MNG-7118 + NOTE: https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f (3.8.x) + NOTE: https://github.com/apache/maven/commit/67125676eef313e592da6424a9be0c90c5e6bca5 (master) +CVE-2021-26290 + RESERVED +CVE-2021-26289 + RESERVED +CVE-2021-26288 + RESERVED +CVE-2021-26287 + RESERVED +CVE-2021-26286 + RESERVED +CVE-2021-26285 + RESERVED +CVE-2021-26284 + RESERVED +CVE-2021-26283 + RESERVED +CVE-2021-26282 + RESERVED +CVE-2021-26281 + RESERVED +CVE-2021-26280 + RESERVED +CVE-2021-26279 + RESERVED +CVE-2021-26278 + RESERVED +CVE-2021-26277 + RESERVED +CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...) 
+ NOT-FOR-US: GoDaddy node-config-shield +CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...) + NOT-FOR-US: eslint-fixer +CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...) + NOT-FOR-US: Monitorix +CVE-2021-3324 + RESERVED +CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions >= v2 ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...) + NOT-FOR-US: DzzOffice +CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...) + NOT-FOR-US: NinjaRMM +CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...) + NOT-FOR-US: NinjaRMM +CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) + - glibc 2.31-10 (bug #981198) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256 + NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888 + NOTE: When fixing the issue for older suites make sure to not open up CVE-2021-43396 + NOTE: and make a complete fix. 
+CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...) + NOT-FOR-US: KLog Server +CVE-2021-3316 + RESERVED +CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...) + NOT-FOR-US: JetBrains +CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...) + NOT-FOR-US: Oracle +CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...) + NOT-FOR-US: Plone +CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...) + NOT-FOR-US: Alkacon OpenCms +CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...) + NOT-FOR-US: October CMS +CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...) + NOT-FOR-US: Western Digital +CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...) + NOT-FOR-US: Wekan +CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) + - ckeditor 4.16.0+dfsg-1 (bug #982587) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <postponed> (Fix along next DLA) + NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 +CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...) + - ckeditor 4.16.0+dfsg-1 (bug #982587) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <postponed> (Fix along next DLA) + NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 +CVE-2021-26270 + RESERVED +CVE-2021-3307 + RESERVED +CVE-2021-3306 + RESERVED +CVE-2021-3305 + RESERVED +CVE-2021-3304 (Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long ...) 
+ NOT-FOR-US: Sagemcom +CVE-2021-3303 + RESERVED +CVE-2021-3302 + RESERVED +CVE-2021-3301 + RESERVED +CVE-2021-3300 + RESERVED +CVE-2021-3299 + RESERVED +CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...) + - collabtive <removed> +CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...) + NOT-FOR-US: Zyxel +CVE-2021-3296 + RESERVED +CVE-2021-3295 + RESERVED +CVE-2021-3294 (CASAP Automated Enrollment System 1.0 is affected by cross-site script ...) + NOT-FOR-US: CASAP Automated Enrollment System +CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...) + NOT-FOR-US: emlog +CVE-2021-3292 + RESERVED +CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...) + NOT-FOR-US: Zen Cart +CVE-2021-3290 + RESERVED +CVE-2021-3289 + RESERVED +CVE-2021-3288 + RESERVED +CVE-2021-26269 + RESERVED +CVE-2021-26268 + RESERVED +CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...) + NOT-FOR-US: cPanel +CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...) + NOT-FOR-US: cPanel +CVE-2021-26246 + RESERVED +CVE-2021-26245 + RESERVED +CVE-2021-26244 + RESERVED +CVE-2021-26243 + RESERVED +CVE-2021-26242 + RESERVED +CVE-2021-26241 + RESERVED +CVE-2021-26240 + RESERVED +CVE-2021-26239 + RESERVED +CVE-2021-26238 + RESERVED +CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) + NOT-FOR-US: FastStone Image Viewer +CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer ...) + NOT-FOR-US: FastStone Image Viewer +CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) + NOT-FOR-US: FastStone Image Viewer +CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) 
+ NOT-FOR-US: FastStone Image Viewer +CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...) + NOT-FOR-US: FastStone Image Viewer +CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College Website v ...) + NOT-FOR-US: SourceCodester Simple College Website +CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 ...) + NOT-FOR-US: SourceCodester Fantastic Blog CMS +CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26225 + RESERVED +CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-B ...) + NOT-FOR-US: SourceCodester Fantastic-Blog-CMS +CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...) + NOT-FOR-US: SourceCodester CASAP Automated Enrollment System +CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) 
+ - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + [stretch] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/22/ +CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...) + - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + [stretch] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/21/ +CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...) 
+ - mapcache <unfixed> (bug #989363) + [bullseye] - mapcache <no-dsa> (Minor issue) + [buster] - mapcache <no-dsa> (Minor issue) + [stretch] - mapcache <no-dsa> (Minor issue) + - scilab <unfixed> (bug #989364) + [bullseye] - scilab <no-dsa> (Minor issue) + [buster] - scilab <no-dsa> (Minor issue) + [stretch] - scilab <no-dsa> (Minor issue) + - netcdf <unfixed> (bug #989360) + [bullseye] - netcdf <no-dsa> (Minor issue) + [buster] - netcdf <no-dsa> (Minor issue) + [stretch] - netcdf <not-affected> (vulnerable code not present) + - netcdf-parallel <unfixed> (bug #989361) + [bullseye] - netcdf-parallel <no-dsa> (Minor issue) + [buster] - netcdf-parallel <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/223/ +CVE-2021-26219 + RESERVED +CVE-2021-26218 + RESERVED +CVE-2021-26217 + RESERVED +CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...) + NOT-FOR-US: SeedDMS +CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...) + NOT-FOR-US: SeedDMS +CVE-2021-26214 + RESERVED +CVE-2021-26213 + RESERVED +CVE-2021-26212 + RESERVED +CVE-2021-26211 + RESERVED +CVE-2021-26210 + RESERVED +CVE-2021-26209 + RESERVED +CVE-2021-26208 + RESERVED +CVE-2021-26207 + RESERVED +CVE-2021-26206 + RESERVED +CVE-2021-26205 + RESERVED +CVE-2021-26204 + RESERVED +CVE-2021-26203 + RESERVED +CVE-2021-26202 + RESERVED +CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable ...) + NOT-FOR-US: Login Panel of CASAP Automated Enrollment System +CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...) + NOT-FOR-US: Library System +CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) 
+ - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056 +CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...) + - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402 +CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...) + - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403 +CVE-2021-26196 + RESERVED +CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...) + - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442 +CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) 
+ - iotjs <unfixed> (bug #989991) + [bullseye] - iotjs <no-dsa> (Minor issue) + [buster] - iotjs <no-dsa> (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445 +CVE-2021-26193 + RESERVED +CVE-2021-26192 + RESERVED +CVE-2021-26191 + RESERVED +CVE-2021-26190 + RESERVED +CVE-2021-26189 + RESERVED +CVE-2021-26188 + RESERVED +CVE-2021-26187 + RESERVED +CVE-2021-26186 + RESERVED +CVE-2021-26185 + RESERVED +CVE-2021-26184 + RESERVED +CVE-2021-26183 + RESERVED +CVE-2021-26182 + RESERVED +CVE-2021-26181 + RESERVED +CVE-2021-26180 + RESERVED +CVE-2021-26179 + RESERVED +CVE-2021-26178 + RESERVED +CVE-2021-26177 + RESERVED +CVE-2021-26176 + RESERVED +CVE-2021-26175 + RESERVED +CVE-2021-26174 + RESERVED +CVE-2021-26173 + RESERVED +CVE-2021-26172 + RESERVED +CVE-2021-26171 + RESERVED +CVE-2021-26170 + RESERVED +CVE-2021-26169 + RESERVED +CVE-2021-26168 + RESERVED +CVE-2021-26167 + RESERVED +CVE-2021-26166 + RESERVED +CVE-2021-26165 + RESERVED +CVE-2021-26164 + RESERVED +CVE-2021-26163 + RESERVED +CVE-2021-26162 + RESERVED +CVE-2021-26161 + RESERVED +CVE-2021-26160 + RESERVED +CVE-2021-26159 + RESERVED +CVE-2021-26158 + RESERVED +CVE-2021-26157 + RESERVED +CVE-2021-26156 + RESERVED +CVE-2021-26155 + RESERVED +CVE-2021-26154 + RESERVED +CVE-2021-26153 + RESERVED +CVE-2021-26152 + RESERVED +CVE-2021-26151 + RESERVED +CVE-2021-26150 + RESERVED +CVE-2021-26149 + RESERVED +CVE-2021-26148 + RESERVED +CVE-2021-26147 + RESERVED +CVE-2021-26146 + RESERVED +CVE-2021-26145 + RESERVED +CVE-2021-26144 + RESERVED +CVE-2021-26143 + RESERVED +CVE-2021-26142 + RESERVED +CVE-2021-26141 + RESERVED +CVE-2021-26140 + RESERVED +CVE-2021-26139 + RESERVED +CVE-2021-26138 + RESERVED +CVE-2021-26137 + RESERVED +CVE-2021-26136 + RESERVED +CVE-2021-26135 + RESERVED +CVE-2021-26134 + RESERVED +CVE-2021-26133 + RESERVED +CVE-2021-26132 + RESERVED +CVE-2021-26131 + RESERVED +CVE-2021-26130 + RESERVED +CVE-2021-26129 + RESERVED +CVE-2021-26128 + RESERVED +CVE-2021-26127 + RESERVED 
+CVE-2021-26126 + RESERVED +CVE-2021-26125 + RESERVED +CVE-2021-26124 + RESERVED +CVE-2021-23232 + RESERVED +CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23224 + RESERVED +CVE-2021-23220 + RESERVED +CVE-2021-23212 + RESERVED +CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23199 + RESERVED +CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...) + NOT-FOR-US: Gallagher Controller Service +CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23185 + RESERVED +CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23162 (Improper validation of the cloud certificate chain in Mobile Connect a ...) + NOT-FOR-US: Gallagher +CVE-2021-23155 (Improper validation of the cloud certificate chain in Mobile Client al ...) + NOT-FOR-US: Gallagher +CVE-2021-23146 (An Incomplete Comparison with Missing Factors vulnerability in the Gal ...) + NOT-FOR-US: Gallagher +CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...) 
+ NOT-FOR-US: Gallagher Command Centre Server +CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...) + NOT-FOR-US: LivingLogic XIST4C +CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...) + NOT-FOR-US: LivingLogic XIST4C +CVE-2021-26121 + RESERVED +CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function ...) + {DLA-2618-1} + - smarty3 3.1.39-1 + [buster] - smarty3 <no-dsa> (Minor issue) + NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8 +CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...) + {DLA-2618-1} + - smarty3 3.1.39-1 + [buster] - smarty3 <no-dsa> (Minor issue) + NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad +CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...) + NOT-FOR-US: Apache ActiveMQ Artemis +CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...) + {DLA-2583-1} + - activemq 5.16.1-1 (bug #982590) + [buster] - activemq <no-dsa> (Minor issue) + NOTE: https://issues.apache.org/jira/browse/AMQ-8035 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6 + NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b +CVE-2021-26116 + RESERVED +CVE-2021-26115 + RESERVED +CVE-2021-26114 + RESERVED +CVE-2021-26113 + RESERVED +CVE-2021-26112 + RESERVED +CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...) + NOT-FOR-US: Fortiguard +CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...) + NOT-FOR-US: FortiGuard +CVE-2021-26109 (An integer overflow or wraparound vulnerability in the memory allocato ...) + NOT-FOR-US: FortiGuard +CVE-2021-26108 (A use of hard-coded cryptographic key vulnerability in the SSLVPN of F ...) 
+ NOT-FOR-US: FortiGuard +CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManager ver ...) + NOT-FOR-US: Fortiguard +CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...) + NOT-FOR-US: Fortiguard +CVE-2021-26105 + RESERVED +CVE-2021-26104 + RESERVED +CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...) + NOT-FOR-US: FortiGuard +CVE-2021-26102 + RESERVED +CVE-2021-26101 + RESERVED +CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...) + NOT-FOR-US: Fortiguard +CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...) + NOT-FOR-US: FortiMail +CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...) + NOT-FOR-US: FortiSandbox +CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...) + NOT-FOR-US: FortiSandbox +CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell ...) + NOT-FOR-US: FortiSandbox +CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...) + NOT-FOR-US: FortiMail +CVE-2021-26094 + RESERVED +CVE-2021-26093 + RESERVED +CVE-2021-26092 + RESERVED +CVE-2021-26091 + RESERVED +CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...) + NOT-FOR-US: FortiMail +CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...) + NOT-FOR-US: FortiClient +CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...) + NOT-FOR-US: Fortinet +CVE-2021-26087 + RESERVED +CVE-2021-26086 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...) 
+ NOT-FOR-US: Atlassian Confluence +CVE-2021-26084 (In affected versions of Confluence Server and Data Center, an OGNL inj ...) + NOT-FOR-US: Atlassian +CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...) + NOT-FOR-US: Atlassian +CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center before ve ...) + NOT-FOR-US: Atlassian +CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before version ...) + NOT-FOR-US: Atlassian +CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center before ver ...) + NOT-FOR-US: Atlassian +CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira Data Cente ...) + NOT-FOR-US: Atlassian +CVE-2021-26078 (The number range searcher component in Jira Server and Jira Data Cente ...) + NOT-FOR-US: Atlassian +CVE-2021-26077 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) in versi ...) + NOT-FOR-US: Atlassian +CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira ...) + NOT-FOR-US: Atlassian +CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...) + NOT-FOR-US: Atlassian +CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...) + NOT-FOR-US: Atlassian +CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version ...) + NOT-FOR-US: Atlassian +CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...) + NOT-FOR-US: Atlassian +CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...) + NOT-FOR-US: Atlassian +CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...) + NOT-FOR-US: Atlassian +CVE-2021-26066 + REJECTED +CVE-2021-26065 + REJECTED +CVE-2021-26064 + REJECTED +CVE-2021-26063 + REJECTED +CVE-2021-26062 + REJECTED +CVE-2021-26061 + REJECTED +CVE-2021-26060 + REJECTED +CVE-2021-26059 + REJECTED +CVE-2021-26058 + REJECTED +CVE-2021-26057 + REJECTED +CVE-2021-26056 + REJECTED +CVE-2021-26055 + REJECTED +CVE-2021-26054 + REJECTED +CVE-2021-26053 + REJECTED +CVE-2021-26052 + REJECTED +CVE-2021-26051 + REJECTED +CVE-2021-26050 + REJECTED +CVE-2021-26049 + REJECTED +CVE-2021-26048 + REJECTED +CVE-2021-26047 + REJECTED +CVE-2021-26046 + REJECTED +CVE-2021-26045 + REJECTED +CVE-2021-26044 + REJECTED +CVE-2021-26043 + REJECTED +CVE-2021-26042 + REJECTED +CVE-2021-26041 + REJECTED +CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...) + NOT-FOR-US: Joomla! +CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) + NOT-FOR-US: Joomla! +CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...) + NOT-FOR-US: Joomla! +CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...) + NOT-FOR-US: Joomla! +CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...) + NOT-FOR-US: Joomla! +CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...) + NOT-FOR-US: Joomla! +CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) + NOT-FOR-US: Joomla! +CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...) + NOT-FOR-US: Joomla! +CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...) + NOT-FOR-US: Joomla! +CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...) + NOT-FOR-US: Joomla! 
+CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...) + NOT-FOR-US: Joomla! +CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...) + NOT-FOR-US: Joomla! +CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...) + NOT-FOR-US: Joomla! +CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...) + NOT-FOR-US: Joomla! +CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...) + NOT-FOR-US: Zoho ManageEngine OpManager +CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) + NOT-FOR-US: ACDSee Professional 2021 +CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...) + NOT-FOR-US: ACDSee Professional 2021 +CVE-2021-3286 (SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...) + - spotweb <not-affected> (Incomplete fix for CVE-2020-35545 not applied) + NOTE: https://github.com/spotweb/spotweb/issues/653 +CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1. ...) + NOT-FOR-US: TI Code Composer Studio IDE +CVE-2021-3284 + RESERVED +CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task d ...) + - nomad 0.12.10+dfsg1-1 (bug #981889) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332 +CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...) 
+ {DLA-2540-1} + - python-django 2:2.2.18-1 (bug #981562) + [buster] - python-django <no-dsa> (Minor issue) + NOTE: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/ + NOTE: https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23 (master) + NOTE: https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37 (2.2.18) +CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...) + NOT-FOR-US: Nagios XI +CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...) + NOT-FOR-US: Nagios XI +CVE-2021-26022 + RESERVED +CVE-2021-26021 + RESERVED +CVE-2021-26020 + RESERVED +CVE-2021-26019 + RESERVED +CVE-2021-26018 + RESERVED +CVE-2021-26017 + RESERVED +CVE-2021-26016 + RESERVED +CVE-2021-26015 + RESERVED +CVE-2021-26014 + RESERVED +CVE-2021-26013 + RESERVED +CVE-2021-26012 + RESERVED +CVE-2021-26011 + RESERVED +CVE-2021-26010 + RESERVED +CVE-2021-26009 + RESERVED +CVE-2021-26008 + RESERVED +CVE-2021-26007 + RESERVED +CVE-2021-26006 + RESERVED +CVE-2021-26005 + RESERVED +CVE-2021-26004 + RESERVED +CVE-2021-26003 + RESERVED +CVE-2021-26002 + RESERVED +CVE-2021-26001 + RESERVED +CVE-2021-26000 + RESERVED +CVE-2021-25999 + RESERVED +CVE-2021-25998 + RESERVED +CVE-2021-25997 + RESERVED +CVE-2021-25996 + RESERVED +CVE-2021-25995 + RESERVED +CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...) + NOT-FOR-US: Userfrosting +CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...) + NOT-FOR-US: Requarks wiki.js +CVE-2021-25992 (In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a ...) + NOT-FOR-US: Ifme +CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...) + NOT-FOR-US: Ifme +CVE-2021-25990 (In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable agai ...) 
+ NOT-FOR-US: Ifme +CVE-2021-25989 (In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable agains ...) + NOT-FOR-US: Ifme +CVE-2021-25988 (In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable agains ...) + NOT-FOR-US: Ifme +CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...) + NOT-FOR-US: hexo blog framework +CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...) + NOT-FOR-US: Django-wiki +CVE-2021-25985 (In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improp ...) + NOT-FOR-US: Factor (App Framework & Headless CMS) +CVE-2021-25984 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) + NOT-FOR-US: Factor (App Framework & Headless CMS) +CVE-2021-25983 (In Factor (App Framework & Headless CMS) forum plugin, versions v1 ...) + NOT-FOR-US: Factor (App Framework & Headless CMS) +CVE-2021-25982 (In Factor (App Framework & Headless CMS) forum plugin, versions 1. ...) + NOT-FOR-US: Factor (App Framework & Headless CMS) +CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...) + NOT-FOR-US: Talkyard +CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...) + NOT-FOR-US: Talkyard +CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...) + NOT-FOR-US: Apostrophe CMS +CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...) + NOT-FOR-US: Apostrophe CMS +CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) + NOT-FOR-US: PiranhaCMS +CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...) + NOT-FOR-US: PiranhaCMS +CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...) + NOT-FOR-US: Publify +CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...) 
+ NOT-FOR-US: Publify +CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...) + NOT-FOR-US: Publify +CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...) + NOT-FOR-US: Camaleon CMS +CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...) + NOT-FOR-US: Camaleon CMS +CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session ...) + NOT-FOR-US: Camaleon CMS +CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...) + NOT-FOR-US: Camaleon CMS +CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a ...) + NOT-FOR-US: OpenCMS +CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...) + NOT-FOR-US: CKAN +CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...) + NOT-FOR-US: Orchard CMS +CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...) + NOT-FOR-US: Calibre web +CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...) + NOT-FOR-US: Calibre web +CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...) + NOT-FOR-US: Shuup +CVE-2021-25962 (“Shuup” application in versions 0.4.2 to 2.10.8 is affecte ...) + NOT-FOR-US: Shuup +CVE-2021-25961 (In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7. ...) + NOT-FOR-US: SuiteCRM +CVE-2021-25960 (In “SuiteCRM” application, v7.11.18 through v7.11.19 and v ...) + NOT-FOR-US: SuiteCRM +CVE-2021-25959 (In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected ...) + NOT-FOR-US: OpenCRX +CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...) + NOT-FOR-US: Apache Ofbiz +CVE-2021-25957 (In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerabl ...) 
+ - dolibarr <removed> + NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377 +CVE-2021-25956 (In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 ...) + - dolibarr <removed> + NOTE: https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee +CVE-2021-25955 (In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v1 ...) + - dolibarr <removed> + NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e +CVE-2021-25954 (In “Dolibarr” application, 2.8.1 to 13.0.4 don’t res ...) + - dolibarr <removed> +CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' versions1.0.0 throu ...) + NOT-FOR-US: Node putil-merge +CVE-2021-25952 (Prototype pollution vulnerability in ‘just-safe-set’ versi ...) + NOT-FOR-US: AngusC just-safe-set +CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...) + NOT-FOR-US: XML2Dict +CVE-2021-25950 + REJECTED +CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...) + NOT-FOR-US: Node set-getter +CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 thro ...) + NOT-FOR-US: Node expand-hash +CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...) + NOT-FOR-US: Node nestie +CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...) + NOT-FOR-US: Node nconf-toml +CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...) + NOT-FOR-US: Node js-extend +CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...) + NOT-FOR-US: Node deep-defaults +CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...) + NOT-FOR-US: Node 101 +CVE-2021-25942 + RESERVED +CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...) 
+ NOT-FOR-US: Node deep-override +CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...) + - arangodb <itp> (bug #761817) +CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...) + - arangodb <itp> (bug #761817) +CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...) + - arangodb <itp> (bug #761817) +CVE-2021-25937 + RESERVED +CVE-2021-25936 + RESERVED +CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...) + - opennms <itp> (bug #450615) +CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...) + - opennms <itp> (bug #450615) +CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + - opennms <itp> (bug #450615) +CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + - opennms <itp> (bug #450615) +CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + - opennms <itp> (bug #450615) +CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + - opennms <itp> (bug #450615) +CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) + - opennms <itp> (bug #450615) +CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...) + NOT-FOR-US: Node safe-obj +CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...) + NOT-FOR-US: Node safe-flat +CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...) + NOT-FOR-US: SiCKRAGE +CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...) + NOT-FOR-US: SiCKRAGE +CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...) 
+ NOT-FOR-US: GoCD +CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password ...) + NOT-FOR-US: OpenEMR +CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...) + NOT-FOR-US: OpenEMR +CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...) + NOT-FOR-US: OpenEMR +CVE-2021-25920 (In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Ac ...) + NOT-FOR-US: OpenEMR +CVE-2021-25919 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: OpenEMR +CVE-2021-25918 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: OpenEMR +CVE-2021-25917 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: OpenEMR +CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...) + NOT-FOR-US: Node patchmerge +CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...) + NOT-FOR-US: changeset +CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...) + NOT-FOR-US: object-collider +CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...) + NOT-FOR-US: Node set-or-get +CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...) + NOT-FOR-US: Node dotty +CVE-2021-25911 + RESERVED +CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter of ZIV A ...) + NOT-FOR-US: ZIV AUTOMATION 4CCT-EA6-334126BF +CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, al ...) + NOT-FOR-US: ZIV Automation 4CCT-EA6-334126BF +CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...) + NOT-FOR-US: Rust crate fil-ocl +CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...) 
+ NOT-FOR-US: Rust crate containers +CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...) + NOT-FOR-US: Rust crate basic_dsp_matrix +CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...) + NOT-FOR-US: Rust crate bra +CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...) + NOT-FOR-US: Rust crate av-data +CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...) + NOT-FOR-US: Rust crate cache +CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...) + NOT-FOR-US: Rust crate glsl-layout +CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...) + NOT-FOR-US: Rust crate lazy-init +CVE-2021-3280 + RESERVED +CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...) + NOT-FOR-US: sz.chat +CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...) + NOT-FOR-US: Local Service Search Engine Management System +CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...) + NOT-FOR-US: Nagios XI +CVE-2021-3276 + RESERVED +CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...) + NOT-FOR-US: TP-Link +CVE-2021-3274 + RESERVED +CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...) + NOT-FOR-US: Nagios XI +CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...) + - jasper <removed> + NOTE: https://github.com/jasper-software/jasper/issues/259 +CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...) 
+ NOT-FOR-US: PressBooks +CVE-2021-3270 + RESERVED +CVE-2021-3269 + RESERVED +CVE-2021-3268 + RESERVED +CVE-2021-3267 + RESERVED +CVE-2021-3266 + RESERVED +CVE-2021-3265 + RESERVED +CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in p ...) + NOT-FOR-US: cxuucms +CVE-2021-3263 + RESERVED +CVE-2021-3262 + RESERVED +CVE-2021-3261 + RESERVED +CVE-2021-3260 + RESERVED +CVE-2021-3259 + RESERVED +CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...) + NOT-FOR-US: Question2Answer Q2A Ultimate SEO +CVE-2021-3257 + RESERVED +CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the h ...) + NOT-FOR-US: KuaiFanCMS +CVE-2021-3255 + RESERVED +CVE-2021-3254 + RESERVED +CVE-2021-3253 + RESERVED +CVE-2021-3252 (KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect acce ...) + NOT-FOR-US: KACO New Energy XP100U Up to XP-JAVA +CVE-2021-3251 + RESERVED +CVE-2021-3250 + RESERVED +CVE-2021-3249 + RESERVED +CVE-2021-3248 + RESERVED +CVE-2021-3247 + RESERVED +CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...) + {DSA-4947-1 DLA-2722-1} + - libsndfile 1.0.31-2 (bug #991496) + NOTE: https://github.com/libsndfile/libsndfile/issues/687 + NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32 +CVE-2021-3245 + RESERVED +CVE-2021-3244 + RESERVED +CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: Wfilter ICF +CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: DuxCMS +CVE-2021-3241 + RESERVED +CVE-2021-3240 + RESERVED +CVE-2021-3239 (E-Learning System 1.0 suffers from an unauthenticated SQL injection vu ...) 
+ NOT-FOR-US: E-Learning System +CVE-2021-3238 + RESERVED +CVE-2021-3237 + RESERVED +CVE-2021-3236 + RESERVED +CVE-2021-3235 + RESERVED +CVE-2021-3234 + RESERVED +CVE-2021-3233 + RESERVED +CVE-2021-3232 + RESERVED +CVE-2021-3231 + RESERVED +CVE-2021-3230 + RESERVED +CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...) + NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware +CVE-2021-3228 + RESERVED +CVE-2021-3227 + RESERVED +CVE-2021-3226 + RESERVED +CVE-2021-3225 + RESERVED +CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...) + NOT-FOR-US: cszcms +CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...) + NOT-FOR-US: Node-RED-Dashboard +CVE-2021-3222 + RESERVED +CVE-2021-3221 + RESERVED +CVE-2021-3220 + RESERVED +CVE-2021-3219 + RESERVED +CVE-2021-3218 + RESERVED +CVE-2021-3217 + RESERVED +CVE-2021-3216 + RESERVED +CVE-2021-3215 + RESERVED +CVE-2021-3214 + RESERVED +CVE-2021-3213 + RESERVED +CVE-2021-3212 + RESERVED +CVE-2021-3211 + RESERVED +CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...) + NOT-FOR-US: Bloodhound +CVE-2021-3209 + RESERVED +CVE-2021-3208 + RESERVED +CVE-2021-3207 + RESERVED +CVE-2021-3206 + RESERVED +CVE-2021-3205 + RESERVED +CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...) + NOT-FOR-US: Webware Webdesktop +CVE-2021-3203 + RESERVED +CVE-2021-3202 + RESERVED +CVE-2021-3201 + RESERVED +CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/416 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Crash in CLI tool, no security impact +CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...) 
+ NOT-FOR-US: ONLYOFFICE Document Server +CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can escape the r ...) + NOT-FOR-US: Ivanti MobileIron Core +CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...) + NOT-FOR-US: Void Aural Rec Monitor +CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...) + NOT-FOR-US: Void Aural Rec Monitor +CVE-2021-25897 + RESERVED +CVE-2021-25896 + RESERVED +CVE-2021-25895 + RESERVED +CVE-2021-25894 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-25893 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...) + NOT-FOR-US: Magnolia CMS +CVE-2021-25892 + RESERVED +CVE-2021-25891 + RESERVED +CVE-2021-25890 + RESERVED +CVE-2021-25889 + RESERVED +CVE-2021-25888 + RESERVED +CVE-2021-25887 + RESERVED +CVE-2021-25886 + RESERVED +CVE-2021-25885 + RESERVED +CVE-2021-25884 + RESERVED +CVE-2021-25883 + RESERVED +CVE-2021-25882 + RESERVED +CVE-2021-25881 + RESERVED +CVE-2021-25880 + RESERVED +CVE-2021-25879 + RESERVED +CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...) + NOT-FOR-US: AVideo/YouPHPTube +CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...) + NOT-FOR-US: AVideo/YouPHPTube +CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...) + NOT-FOR-US: AVideo/YouPHPTube +CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...) + NOT-FOR-US: AVideo/YouPHPTube +CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...) 
+ NOT-FOR-US: AVideo/YouPHPTube +CVE-2021-25873 + RESERVED +CVE-2021-25872 + RESERVED +CVE-2021-25871 + RESERVED +CVE-2021-25870 + RESERVED +CVE-2021-25869 + RESERVED +CVE-2021-25868 + RESERVED +CVE-2021-25867 + RESERVED +CVE-2021-25866 + RESERVED +CVE-2021-25865 + RESERVED +CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...) + NOT-FOR-US: node-red-contrib-huemagic +CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...) + NOT-FOR-US: Open5GS +CVE-2021-25862 + RESERVED +CVE-2021-25861 + RESERVED +CVE-2021-25860 + RESERVED +CVE-2021-25859 + RESERVED +CVE-2021-25858 + RESERVED +CVE-2021-25857 + RESERVED +CVE-2021-25856 + RESERVED +CVE-2021-25855 + RESERVED +CVE-2021-25854 + RESERVED +CVE-2021-25853 + RESERVED +CVE-2021-25852 + RESERVED +CVE-2021-25851 + RESERVED +CVE-2021-25850 + RESERVED +CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in Moxa Ca ...) + NOT-FOR-US: Moxa +CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...) + NOT-FOR-US: Moxa +CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...) + NOT-FOR-US: Moxa +CVE-2021-25846 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...) + NOT-FOR-US: Moxa +CVE-2021-25845 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...) + NOT-FOR-US: Moxa +CVE-2021-25844 + RESERVED +CVE-2021-25843 + RESERVED +CVE-2021-25842 + RESERVED +CVE-2021-25841 + RESERVED +CVE-2021-25840 + RESERVED +CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...) + NOT-FOR-US: MintHCM +CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...) + NOT-FOR-US: MintHCM +CVE-2021-25837 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) 
+ NOT-FOR-US: Cosmos Network Ethermint +CVE-2021-25836 (Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle i ...) + NOT-FOR-US: Cosmos Network Ethermint +CVE-2021-25835 (Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain tra ...) + NOT-FOR-US: Cosmos Network Ethermint +CVE-2021-25834 (Cosmos Network Ethermint <= v0.4.0 is affected by a transaction rep ...) + NOT-FOR-US: Cosmos Network Ethermint +CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...) + NOT-FOR-US: ONLYOFFICE DocumentServer +CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...) + NOT-FOR-US: ONLYOFFICE DocumentServer +CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...) + NOT-FOR-US: ONLYOFFICE DocumentServer +CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...) + NOT-FOR-US: ONLYOFFICE DocumentServer +CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...) + NOT-FOR-US: ONLYOFFICE DocumentServer +CVE-2021-25828 + RESERVED +CVE-2021-25827 + RESERVED +CVE-2021-25826 + RESERVED +CVE-2021-25825 + RESERVED +CVE-2021-25824 + RESERVED +CVE-2021-25823 + RESERVED +CVE-2021-25822 + RESERVED +CVE-2021-25821 + RESERVED +CVE-2021-25820 + RESERVED +CVE-2021-25819 + RESERVED +CVE-2021-25818 + RESERVED +CVE-2021-25817 + RESERVED +CVE-2021-25816 + RESERVED +CVE-2021-25815 + RESERVED +CVE-2021-25814 + RESERVED +CVE-2021-25813 + RESERVED +CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 +CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...) + NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices +CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...) 
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices +CVE-2021-25809 (UCMS 1.5.0 was discovered to contain a physical path leakage via an er ...) + NOT-FOR-US: UCMS +CVE-2021-25808 (A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 a ...) + NOT-FOR-US: Bludit +CVE-2021-25807 + RESERVED +CVE-2021-25806 + RESERVED +CVE-2021-25805 + RESERVED +CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...) + {DSA-4834-1 DLA-2728-1} + - vlc 3.0.12-1 + NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12) +CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...) + {DSA-4834-1 DLA-2728-1} + - vlc 3.0.12-1 + NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12) +CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...) + {DSA-4834-1 DLA-2728-1} + - vlc 3.0.12-1 + NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12) +CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...) + {DSA-4834-1 DLA-2728-1} + - vlc 3.0.12-1 + NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12) +CVE-2021-25800 + RESERVED +CVE-2021-25799 + RESERVED +CVE-2021-25798 + RESERVED +CVE-2021-25797 + RESERVED +CVE-2021-25796 + RESERVED +CVE-2021-25795 + RESERVED +CVE-2021-25794 + RESERVED +CVE-2021-25793 + RESERVED +CVE-2021-25792 + RESERVED +CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Upd ...) + NOT-FOR-US: Online Doctor Appointment System +CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Reg ...) 
+ NOT-FOR-US: House Rental and Property Listing +CVE-2021-25789 + RESERVED +CVE-2021-25788 + RESERVED +CVE-2021-25787 + RESERVED +CVE-2021-25786 + RESERVED +CVE-2021-25785 (Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: taocms +CVE-2021-25784 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...) + NOT-FOR-US: taocms +CVE-2021-25783 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...) + NOT-FOR-US: taocms +CVE-2021-25782 + RESERVED +CVE-2021-25781 + RESERVED +CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...) + NOT-FOR-US: Baby Care System +CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...) + NOT-FOR-US: Baby Care System +CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...) 
+ NOT-FOR-US: JetBrains TeamCity +CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-25764 (In JetBrains PhpStorm before 2020.3, source code could be added to deb ...) + NOT-FOR-US: JetBrains PhpStorm +CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...) + NOT-FOR-US: JetBrains Ktor +CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...) + NOT-FOR-US: JetBrains Ktor +CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...) + NOT-FOR-US: JetBrains Ktor +CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...) + - intellij-idea <itp> (bug #747616) +CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...) + - intellij-idea <itp> (bug #747616) +CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...) 
+ NOT-FOR-US: JetBrains Code With Me +CVE-2021-25754 + RESERVED +CVE-2021-25753 + RESERVED +CVE-2021-25752 + RESERVED +CVE-2021-25751 + RESERVED +CVE-2021-25750 + RESERVED +CVE-2021-25749 + RESERVED +CVE-2021-25748 + RESERVED +CVE-2021-25747 + RESERVED +CVE-2021-25746 + RESERVED +CVE-2021-25745 + RESERVED +CVE-2021-25744 + RESERVED +CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...) + - kubernetes <unfixed> + [bullseye] - kubernetes <no-dsa> (Minor issue) + NOTE: https://github.com/kubernetes/kubernetes/issues/101695 +CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...) + NOT-FOR-US: Kubernetes ingress-nginx component +CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...) + - kubernetes <unfixed> + [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client) + NOTE: Server components no longer built since 1.20.5+really1.20.2-1 + NOTE: https://github.com/kubernetes/kubernetes/issues/104980 +CVE-2021-25740 (A security issue was discovered with Kubernetes that could enable user ...) + - kubernetes <unfixed> + [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1 +CVE-2021-25739 + RESERVED +CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client library ...) + NOT-FOR-US: Kubernetes Java client +CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may be able ...) + - kubernetes <unfixed> (bug #990793) + [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1 +CVE-2021-25736 + RESERVED + - kubernetes <not-affected> (Windows-specific) +CVE-2021-25735 (A security issue was discovered in kube-apiserver that could allow nod ...) 
+ - kubernetes <unfixed> (bug #990793) + [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1 + NOTE: https://github.com/kubernetes/kubernetes/issues/100096 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1 +CVE-2021-25734 + RESERVED +CVE-2021-25733 + RESERVED +CVE-2021-25732 + RESERVED +CVE-2021-25731 + RESERVED +CVE-2021-25730 + RESERVED +CVE-2021-25729 + RESERVED +CVE-2021-25728 + RESERVED +CVE-2021-25727 + RESERVED +CVE-2021-25726 + RESERVED +CVE-2021-25725 + RESERVED +CVE-2021-25724 + RESERVED +CVE-2021-25723 + RESERVED +CVE-2021-25722 + RESERVED +CVE-2021-25721 + RESERVED +CVE-2021-25720 + RESERVED +CVE-2021-25719 + RESERVED +CVE-2021-25718 + RESERVED +CVE-2021-25717 + RESERVED +CVE-2021-25716 + RESERVED +CVE-2021-25715 + RESERVED +CVE-2021-25714 + RESERVED +CVE-2021-25713 + RESERVED +CVE-2021-25712 + RESERVED +CVE-2021-25711 + RESERVED +CVE-2021-25710 + RESERVED +CVE-2021-25709 + RESERVED +CVE-2021-25708 + RESERVED +CVE-2021-25707 + RESERVED +CVE-2021-25706 + RESERVED +CVE-2021-25705 + RESERVED +CVE-2021-25704 + RESERVED +CVE-2021-25703 + RESERVED +CVE-2021-25702 + RESERVED +CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to version 21.07 ...) + NOT-FOR-US: Teradici +CVE-2021-25700 + RESERVED +CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client prior to v ...) + NOT-FOR-US: Teradici +CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent prior to ve ...) + NOT-FOR-US: Teradici +CVE-2021-25697 + RESERVED +CVE-2021-25696 + RESERVED +CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to version 21. ...) + NOT-FOR-US: Teradici +CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...) 
+ NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows +CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...) + NOT-FOR-US: Teradici PCoIP Agent +CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...) + NOT-FOR-US: Teradici +CVE-2021-25691 + RESERVED +CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...) + NOT-FOR-US: Teradici PCoIP Soft Client +CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...) + NOT-FOR-US: Teradici PCoIP Soft Client +CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...) + NOT-FOR-US: Teradici PCoIP Agents +CVE-2021-25687 + RESERVED +CVE-2021-25686 + RESERVED +CVE-2021-25685 + RESERVED +CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...) + NOT-FOR-US: Apport +CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...) + NOT-FOR-US: Apport +CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did ...) + NOT-FOR-US: Apport +CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...) + NOT-FOR-US: AdTran Personal Phone Manager +CVE-2021-25680 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) + NOT-FOR-US: AdTran Personal Phone Manager +CVE-2021-25679 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...) + NOT-FOR-US: AdTran Personal Phone Manager +CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...) 
+ {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e (v3002.3) + NOTE: https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c (v3002.3) + NOTE: Regression: https://github.com/saltstack/salt/pull/59664 + NOTE: Regression fix: https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186 + NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748 + NOTE: Regression follow-up fix: https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d +CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...) + NOT-FOR-US: Hitachi ID Bravura Security Fabric +CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...) + NOTE: Disputed Bitcoin issue + NOTE: https://github.com/bitcoin/bitcoin/issues/20866 +CVE-2021-3194 + RESERVED +CVE-2021-3193 (Improper access and command validation in the Nagios Docker Config Wiz ...) + NOT-FOR-US: Nagios XI +CVE-2021-3192 + RESERVED +CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) + NOT-FOR-US: Idelji Web ViewPoint +CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...) + NOT-FOR-US: Node async-git +CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) + NOT-FOR-US: Solid Edge (Siemens) +CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...) + NOT-FOR-US: Nucleus (Siemens) +CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) + NOT-FOR-US: Siemens +CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) 
+ NOT-FOR-US: Siemens +CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) + NOT-FOR-US: Siemens +CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) + NOT-FOR-US: Siemens +CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) + NOT-FOR-US: Mendix Forgot Password Appstore module +CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions < V1. ...) + NOT-FOR-US: Siemens +CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...) + NOT-FOR-US: Tecnomatix RobotExpert (Siemens) +CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-25668 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...) + NOT-FOR-US: Siemens +CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) + NOT-FOR-US: Nucleus (Siemens) +CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) + NOT-FOR-US: Nucleus (Siemens) +CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...) + NOT-FOR-US: Siemens +CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...) 
+ NOT-FOR-US: Automation License Manager +CVE-2021-25658 + RESERVED +CVE-2021-25657 + RESERVED +CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...) + NOT-FOR-US: Avaya +CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...) + NOT-FOR-US: Avaya +CVE-2021-25654 (An arbitrary code execution vulnerability was discovered in Avaya Aura ...) + NOT-FOR-US: Avaya +CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...) + NOT-FOR-US: Avaya +CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...) + NOT-FOR-US: Avaya +CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...) + NOT-FOR-US: Avaya +CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...) + NOT-FOR-US: Avaya +CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...) + NOT-FOR-US: Avaya +CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...) + NOT-FOR-US: Mobile application "Testes de Codigo" +CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...) + NOT-FOR-US: Mobile application "Testes de Codigo" +CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...) + - druid <itp> (bug #825797) +CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...) 
+ - xen 4.14.1+11-gb0b734a8b3-1 (bug #981052) + [buster] - xen <not-affected> (Vulnerable code introduced later) + [stretch] - xen <not-affected> (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-360.html + NOTE: Introduced by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5b58dad089880127674d460494d1a9d68109b3d7 (4.14.0-rc1) + NOTE: Issue backported to 4.12.3 and 4.13.1 + NOTE: Fixed by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=58427889f5a420cc5226f88524b3228f90b72a58 +CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attacks, a ...) + NOT-FOR-US: Node slashify +CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...) + - phplist <itp> (bug #612288) +CVE-2021-3187 + RESERVED +CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...) + NOT-FOR-US: Tenda AC5 +CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...) + NOT-FOR-US: Couchbase Server +CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...) + NOT-FOR-US: Couchbase Server +CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...) + NOT-FOR-US: Couchbase Server +CVE-2021-25642 + RESERVED +CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...) 
+ NOT-FOR-US: Apache Dubbo +CVE-2021-25639 + RESERVED +CVE-2021-25638 + RESERVED +CVE-2021-25637 + RESERVED +CVE-2021-25636 + RESERVED +CVE-2021-25635 + RESERVED + - libreoffice <not-affected> (Only affects Microsoft Crypto API back-end) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3 + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1) +CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...) + {DSA-4988-1} + - libreoffice 1:7.2.0-2 + [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport) + [stretch] - libreoffice <not-affected> (XAdES / xades:SigningTime support introduced in 5.3) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2 + NOTE: XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it + NOTE: Pre-requisites (replacement for XSecParser): + NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0) + NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02 (7-0) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1) +CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...) 
+ {DSA-4988-1} + - libreoffice 1:7.2.0-2 + [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport) + [stretch] - libreoffice <ignored> (Risk doesn't warrant complex backport) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1 + NOTE: Pre-requisites (replacement for XSecParser): + NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0) + NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f (7-0) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/be773bc5960def8c51de0e0e41db837e001aa8fd (7-1) +CVE-2021-25632 + RESERVED +CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...) + - libreoffice <not-affected> (Libreoffice on Windows) + NOTE: https://positive.security/blog/url-open-rce#open-libreoffice +CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be run by a s ...) 
+ NOT-FOR-US: libreoffice online +CVE-2021-25629 + RESERVED +CVE-2021-25628 + RESERVED +CVE-2021-25627 + RESERVED +CVE-2021-25626 + RESERVED +CVE-2021-25625 + RESERVED +CVE-2021-25624 + RESERVED +CVE-2021-25623 + RESERVED +CVE-2021-25622 + RESERVED +CVE-2021-25621 + RESERVED +CVE-2021-25620 + RESERVED +CVE-2021-25619 + RESERVED +CVE-2021-25618 + RESERVED +CVE-2021-25617 + RESERVED +CVE-2021-25616 + RESERVED +CVE-2021-25615 + RESERVED +CVE-2021-25614 + RESERVED +CVE-2021-25613 + RESERVED +CVE-2021-25612 + RESERVED +CVE-2021-25611 + RESERVED +CVE-2021-25610 + RESERVED +CVE-2021-25609 + RESERVED +CVE-2021-25608 + RESERVED +CVE-2021-25607 + RESERVED +CVE-2021-25606 + RESERVED +CVE-2021-25605 + RESERVED +CVE-2021-25604 + RESERVED +CVE-2021-25603 + RESERVED +CVE-2021-25602 + RESERVED +CVE-2021-25601 + RESERVED +CVE-2021-25600 + RESERVED +CVE-2021-25599 + RESERVED +CVE-2021-25598 + RESERVED +CVE-2021-25597 + RESERVED +CVE-2021-25596 + RESERVED +CVE-2021-25595 + RESERVED +CVE-2021-25594 + RESERVED +CVE-2021-25593 + RESERVED +CVE-2021-25592 + RESERVED +CVE-2021-25591 + RESERVED +CVE-2021-25590 + RESERVED +CVE-2021-25589 + RESERVED +CVE-2021-25588 + RESERVED +CVE-2021-25587 + RESERVED +CVE-2021-25586 + RESERVED +CVE-2021-25585 + RESERVED +CVE-2021-25584 + RESERVED +CVE-2021-25583 + RESERVED +CVE-2021-25582 + RESERVED +CVE-2021-25581 + RESERVED +CVE-2021-25580 + RESERVED +CVE-2021-25579 + RESERVED +CVE-2021-25578 + RESERVED +CVE-2021-25577 + RESERVED +CVE-2021-25576 + RESERVED +CVE-2021-25575 + RESERVED +CVE-2021-25574 + RESERVED +CVE-2021-25573 + RESERVED +CVE-2021-25572 + RESERVED +CVE-2021-25571 + RESERVED +CVE-2021-25570 + RESERVED +CVE-2021-25569 + RESERVED +CVE-2021-25568 + RESERVED +CVE-2021-25567 + RESERVED +CVE-2021-25566 + RESERVED +CVE-2021-25565 + RESERVED +CVE-2021-25564 + RESERVED +CVE-2021-25563 + RESERVED +CVE-2021-25562 + RESERVED +CVE-2021-25561 + RESERVED +CVE-2021-25560 + RESERVED +CVE-2021-25559 + RESERVED +CVE-2021-25558 + RESERVED +CVE-2021-25557 + 
RESERVED +CVE-2021-25556 + RESERVED +CVE-2021-25555 + RESERVED +CVE-2021-25554 + RESERVED +CVE-2021-25553 + RESERVED +CVE-2021-25552 + RESERVED +CVE-2021-25551 + RESERVED +CVE-2021-25550 + RESERVED +CVE-2021-25549 + RESERVED +CVE-2021-25548 + RESERVED +CVE-2021-25547 + RESERVED +CVE-2021-25546 + RESERVED +CVE-2021-25545 + RESERVED +CVE-2021-25544 + RESERVED +CVE-2021-25543 + RESERVED +CVE-2021-25542 + RESERVED +CVE-2021-25541 + RESERVED +CVE-2021-25540 + RESERVED +CVE-2021-25539 + RESERVED +CVE-2021-25538 + RESERVED +CVE-2021-25537 + RESERVED +CVE-2021-25536 + RESERVED +CVE-2021-25535 + RESERVED +CVE-2021-25534 + RESERVED +CVE-2021-25533 + RESERVED +CVE-2021-25532 + RESERVED +CVE-2021-25531 + RESERVED +CVE-2021-25530 + RESERVED +CVE-2021-25529 + RESERVED +CVE-2021-25528 + RESERVED +CVE-2021-25527 (Improper export of Android application components vulnerability in Sam ...) + NOT-FOR-US: Samsung +CVE-2021-25526 (Intent redirection vulnerability in Samsung Blockchain Wallet prior to ...) + NOT-FOR-US: Samsung +CVE-2021-25525 (Improper check or handling of exception conditions vulnerability in Sa ...) + NOT-FOR-US: Samsung +CVE-2021-25524 (Insecure storage of device information in Contacts prior to version 12 ...) + NOT-FOR-US: Samsung +CVE-2021-25523 (Insecure storage of device information in Samsung Dialer prior to vers ...) + NOT-FOR-US: Samsung +CVE-2021-25522 (Insecure storage of sensitive information vulnerability in Smart Captu ...) + NOT-FOR-US: Samsung +CVE-2021-25521 (Insecure caller check in sharevia deeplink logic prior to Samsung Inte ...) + NOT-FOR-US: Samsung +CVE-2021-25520 (Insecure caller check and input validation vulnerabilities in SearchKe ...) + NOT-FOR-US: Samsung +CVE-2021-25519 (An improper access control vulnerability in CPLC prior to SMR Dec-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25518 (An improper boundary check in secure_log of LDFW and BL31 prior to SMR ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25517 (An improper input validation vulnerability in LDFW prior to SMR Dec-20 ...) + NOT-FOR-US: Samsung +CVE-2021-25516 (An improper check or handling of exceptional conditions in Exynos base ...) + NOT-FOR-US: Samsung +CVE-2021-25515 (An improper usage of implicit intent in SemRewardManager prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25514 (An improper intent redirection handling in Tags prior to SMR Dec-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25513 (An improper privilege management vulnerability in Apps Edge applicatio ...) + NOT-FOR-US: Samsung +CVE-2021-25512 (An improper validation vulnerability in telephony prior to SMR Dec-202 ...) + NOT-FOR-US: Samsung +CVE-2021-25511 (An improper validation vulnerability in FilterProvider prior to SMR De ...) + NOT-FOR-US: Samsung +CVE-2021-25510 (An improper validation vulnerability in FilterProvider prior to SMR De ...) + NOT-FOR-US: Samsung +CVE-2021-25509 (A missing input validation in Samsung Flow Windows application prior t ...) + NOT-FOR-US: Samsung +CVE-2021-25508 (Improper privilege management vulnerability in API Key used in SmartTh ...) + NOT-FOR-US: Samsung +CVE-2021-25507 (Improper authorization vulnerability in Samsung Flow mobile applicatio ...) + NOT-FOR-US: Samsung +CVE-2021-25506 (Non-existent provider in Samsung Health prior to 6.19.1.0001 allows at ...) + NOT-FOR-US: Samsung +CVE-2021-25505 (Improper authentication in Samsung Pass prior to 3.0.02.4 allows to us ...) + NOT-FOR-US: Samsung +CVE-2021-25504 (Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 a ...) + NOT-FOR-US: Samsung +CVE-2021-25503 (Improper input validation vulnerability in HDCP prior to SMR Nov-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25502 (A vulnerability of storing sensitive information insecurely in Propert ...) + NOT-FOR-US: Samsung +CVE-2021-25501 (An improper access control vulnerability in SCloudBnRReceiver in SecTe ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25500 (A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release ...) + NOT-FOR-US: Samsung +CVE-2021-25499 (Intent redirection vulnerability in SamsungAccountSDKSigninActivity of ...) + NOT-FOR-US: Samsung +CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSP ...) + NOT-FOR-US: Samsung +CVE-2021-25497 (A possible buffer overflow vulnerability in maetd_cpy_slice of libSPen ...) + NOT-FOR-US: Samsung +CVE-2021-25496 (A possible buffer overflow vulnerability in maetd_dec_slice of libSPen ...) + NOT-FOR-US: Samsung +CVE-2021-25495 (A possible heap buffer overflow vulnerability in libSPenBase library o ...) + NOT-FOR-US: Samsung +CVE-2021-25494 (A possible buffer overflow vulnerability in libSPenBase library of Sam ...) + NOT-FOR-US: Samsung +CVE-2021-25493 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...) + NOT-FOR-US: Samsung +CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...) + NOT-FOR-US: Samsung +CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows m ...) + NOT-FOR-US: Samsung +CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release ...) + NOT-FOR-US: Samsung +CVE-2021-25489 (Assuming radio permission is gained, missing input validation in modem ...) + NOT-FOR-US: Samsung +CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem interfac ...) + NOT-FOR-US: Samsung +CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of modem inter ...) + NOT-FOR-US: Samsung +CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR O ...) + NOT-FOR-US: Samsung +CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR Oct-2021 R ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor library prior ...) + NOT-FOR-US: Samsung +CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior to SMR Oc ...) + NOT-FOR-US: Samsung +CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION COMMAND messag ...) + NOT-FOR-US: Samsung +CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos CP Chips ...) + NOT-FOR-US: Samsung +CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos CP Chip ...) + NOT-FOR-US: Samsung +CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack prior to SMR ...) + NOT-FOR-US: Mediatek +CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log prior to SM ...) + NOT-FOR-US: Samsung +CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP kernel driv ...) + NOT-FOR-US: Samsung +CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception handling f ...) + NOT-FOR-US: Samsung +CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception handling f ...) + NOT-FOR-US: Samsung +CVE-2021-25472 (An improper access control vulnerability in BluetoothSettingsProvider ...) + NOT-FOR-US: Samsung +CVE-2021-25471 (A lack of replay attack protection in Security Mode Command process pr ...) + NOT-FOR-US: Samsung +CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure OS prior ...) + NOT-FOR-US: Samsung +CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in Widevine trust ...) + NOT-FOR-US: Samsung +CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability in Wide ...) + NOT-FOR-US: Samsung +CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow vulnerab ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...) + NOT-FOR-US: Samsung +CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...) + NOT-FOR-US: Samsung +CVE-2021-25464 (An improper file management vulnerability in SamsungCapture prior to v ...) + NOT-FOR-US: Samsung +CVE-2021-25463 (Improper access control vulnerability in PENUP prior to version 3.8.00 ...) + NOT-FOR-US: Samsung +CVE-2021-25462 (NULL pointer dereference vulnerability in NPU driver prior to SMR Sep- ...) + NOT-FOR-US: Samsung +CVE-2021-25461 (An improper length check in APAService prior to SMR Sep-2021 Release 1 ...) + NOT-FOR-US: Samsung +CVE-2021-25460 (An improper access control vulnerability in sspExit() in BlockchainTZS ...) + NOT-FOR-US: Samsung +CVE-2021-25459 (An improper access control vulnerability in sspInit() in BlockchainTZS ...) + NOT-FOR-US: Samsung +CVE-2021-25458 (NULL pointer dereference vulnerability in ION driver prior to SMR Sep- ...) + NOT-FOR-US: Samsung +CVE-2021-25457 (An improper input validation vulnerability in DSP driver prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25456 (OOB read vulnerability in libswmfextractor.so library prior to SMR Sep ...) + NOT-FOR-US: Samsung +CVE-2021-25455 (OOB read vulnerability in libsaviextractor.so library prior to SMR Sep ...) + NOT-FOR-US: Samsung +CVE-2021-25454 (OOB read vulnerability in libsaacextractor.so library prior to SMR Sep ...) + NOT-FOR-US: Samsung +CVE-2021-25453 (Some improper access control in Bluetooth APIs prior to SMR Sep-2021 R ...) + NOT-FOR-US: Samsung +CVE-2021-25452 (An improper input validation vulnerability in loading graph file in DS ...) + NOT-FOR-US: Samsung +CVE-2021-25451 (A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25450 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR S ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25449 (An improper input validation vulnerability in libsapeextractor library ...) + NOT-FOR-US: Samsung +CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...) + NOT-FOR-US: Samsung +CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...) + NOT-FOR-US: Samsung +CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...) + NOT-FOR-US: Samsung +CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...) + NOT-FOR-US: Samsung +CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...) + NOT-FOR-US: Samsung +CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...) + NOT-FOR-US: Samsung +CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...) + NOT-FOR-US: Samsung (KME module) +CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...) + NOT-FOR-US: AR Emoji Editor +CVE-2021-25440 (Improper access control vulnerability in FactoryCameraFB prior to vers ...) + NOT-FOR-US: FactoryCameraFB +CVE-2021-25439 (Improper access control vulnerability in Samsung Members prior to vers ...) + NOT-FOR-US: Samsung Members +CVE-2021-25438 (Improper access control vulnerability in Samsung Members prior to vers ...) + NOT-FOR-US: Samsung Members +CVE-2021-25437 (Improper access control vulnerability in Tizen FOTA service prior to F ...) + NOT-FOR-US: Tizen FOTA service +CVE-2021-25436 (Improper input validation vulnerability in Tizen FOTA service prior to ...) + NOT-FOR-US: Tizen FOTA service +CVE-2021-25435 (Improper input validation vulnerability in Tizen bootloader prior to F ...) + NOT-FOR-US: Tizen bootloader +CVE-2021-25434 (Improper input validation vulnerability in Tizen bootloader prior to F ...) 
+ NOT-FOR-US: Tizen bootloader +CVE-2021-25433 (Improper authorization vulnerability in Tizen factory reset policy pri ...) + NOT-FOR-US: Tizen factory reset policy +CVE-2021-25432 (Information exposure vulnerability in Samsung Members prior to version ...) + NOT-FOR-US: Samsung Members +CVE-2021-25431 (Improper access control vulnerability in Cameralyzer prior to versions ...) + NOT-FOR-US: Cameralyzer +CVE-2021-25430 (Improper access control vulnerability in Bluetooth application prior t ...) + NOT-FOR-US: Bluetooth application (Samsung) +CVE-2021-25429 (Improper privilege management vulnerability in Bluetooth application p ...) + NOT-FOR-US: Bluetooth application (Samsung) +CVE-2021-25428 (Improper validation check vulnerability in PackageManager prior to SMR ...) + NOT-FOR-US: PackageManager (Samsung) +CVE-2021-25427 (SQL injection vulnerability in Bluetooth prior to SMR July-2021 Releas ...) + NOT-FOR-US: Bluetooth (Samsung) +CVE-2021-25426 (Improper component protection vulnerability in SmsViewerActivity of Sa ...) + NOT-FOR-US: Samsung Message +CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...) + NOT-FOR-US: Samsung +CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...) + NOT-FOR-US: Samsung +CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...) + NOT-FOR-US: Watch Active2 PlugIn +CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...) + NOT-FOR-US: Watch Active2 PlugIn +CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...) + NOT-FOR-US: Galaxy Watch3 PlugIn +CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...) + NOT-FOR-US: Galaxy Watch PlugIn +CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...) + NOT-FOR-US: Samsung +CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...) + NOT-FOR-US: Samsung +CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) + NOT-FOR-US: Samsung +CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...) + NOT-FOR-US: Samsung +CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) + NOT-FOR-US: Samsung +CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...) + NOT-FOR-US: Samsung +CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...) + NOT-FOR-US: Samsung +CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...) + NOT-FOR-US: Samsung +CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...) + NOT-FOR-US: Samsung +CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...) + NOT-FOR-US: Samsung +CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...) + NOT-FOR-US: Samsung +CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...) + NOT-FOR-US: Samsung +CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...) + NOT-FOR-US: Samsung +CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...) + NOT-FOR-US: Samsung +CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...) + NOT-FOR-US: Samsung +CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...) + NOT-FOR-US: Samsung +CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...) + NOT-FOR-US: Samsung +CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...) + NOT-FOR-US: Samsung +CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...) + NOT-FOR-US: Samsung +CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...) + NOT-FOR-US: Samsung +CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...) + NOT-FOR-US: Samsung +CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...) + NOT-FOR-US: Samsung +CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...) + NOT-FOR-US: Samsung +CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...) + NOT-FOR-US: Samsung +CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...) + NOT-FOR-US: Samsung +CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...) + NOT-FOR-US: Samsung +CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...) + NOT-FOR-US: Samsung +CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...) + NOT-FOR-US: Samsung +CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...) + NOT-FOR-US: Samsung +CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...) + NOT-FOR-US: Samsung +CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...) + NOT-FOR-US: Samsung +CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...) + NOT-FOR-US: Samsung +CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...) + NOT-FOR-US: Samsung +CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...) + NOT-FOR-US: Samsung +CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...) + NOT-FOR-US: Bixby +CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1 ...) + NOT-FOR-US: Samsung +CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...) + NOT-FOR-US: Samsung +CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in ...) + NOT-FOR-US: Samsung +CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...) + NOT-FOR-US: Samsung +CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...) + NOT-FOR-US: Samsung +CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...) + NOT-FOR-US: Samsung +CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...) + NOT-FOR-US: PendingIntent in Customization Service (Samsung) +CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...) + NOT-FOR-US: Samsung +CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...) + NOT-FOR-US: Samsung +CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...) + NOT-FOR-US: Samsung +CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...) + NOT-FOR-US: Samsung +CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...) + NOT-FOR-US: Samsung +CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...) + NOT-FOR-US: Samsung +CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...) + NOT-FOR-US: Samsung +CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...) + NOT-FOR-US: Samsung +CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...) + NOT-FOR-US: Samsung +CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...) + NOT-FOR-US: Samsung +CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...) + NOT-FOR-US: Samsung +CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...) + NOT-FOR-US: Samsung +CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...) + NOT-FOR-US: Samsung +CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...) + NOT-FOR-US: Samsung +CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...) + NOT-FOR-US: Samsung +CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...) + NOT-FOR-US: Samsung +CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...) + NOT-FOR-US: Samsung +CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...) 
+ NOT-FOR-US: Samsung +CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...) + NOT-FOR-US: Samsung +CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...) + NOT-FOR-US: Samsung +CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...) + NOT-FOR-US: Samsung Internet +CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...) + NOT-FOR-US: Samsung Email application +CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...) + NOT-FOR-US: Samsung +CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...) + NOT-FOR-US: Samsung +CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...) + NOT-FOR-US: Samsung +CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...) + NOT-FOR-US: Samsung +CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...) + NOT-FOR-US: Samsung +CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...) + NOT-FOR-US: Samsung +CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...) + NOT-FOR-US: Samsung +CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application +CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application +CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + NOT-FOR-US: Samsung Pay mini application +CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...) + NOT-FOR-US: MobileWips application +CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) + NOT-FOR-US: MISP +CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...) + NOT-FOR-US: Files.com Fat Client +CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...) + NOT-FOR-US: D-Link +CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...) + {DSA-4838-1 DLA-2529-1} + - mutt 2.0.5-1 (bug #980326) + NOTE: https://gitlab.com/muttmua/mutt/-/issues/323 + NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 +CVE-2021-3180 + RESERVED +CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...) 
+ {DSA-4891-1 DLA-2594-1} + - tomcat9 9.0.43-1 + - tomcat8 <removed> + - tomcat7 <removed> + [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/2 + NOTE: https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453 (9.0.43) + NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63) + NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108) + NOTE: CVE is for incomplete fix for CVE-2020-9484. +CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...) + NOT-FOR-US: Skyworth Digital Technology RN510 +CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...) + NOT-FOR-US: Skyworth Digital Technology RN510 +CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...) + NOT-FOR-US: Skyworth Digital Technology RN510 +CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...) + NOT-FOR-US: MISP +CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...) + NOT-FOR-US: MISP +CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...) + NOT-FOR-US: MISP +CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...) + - hyperkitty <not-affected> (SuSE-specific packaging issue) +CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of ...) + - arpwatch <not-affected> (SuSE specific packaging issue) + NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions + NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time +CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...) 
+ NOT-FOR-US: Rancher +CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...) + - virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2 +CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...) + NOT-FOR-US: Rancher +CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...) + - cups <not-affected> (In Debian /var/log/cups is owned by root:root) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119 +CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...) + NOT-FOR-US: SuSE (different from src:s390-tools in Debian) +CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...) + - salt <not-affected> (SuSE specific issue, cf #985085) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382 +CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerability i ...) + NOT-FOR-US: hawk2 as packaged by SuSE +CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...) + NOT-FOR-US: Rancher +CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...) + NOT-FOR-US: GGLocker iOS application +CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...) + {DLA-2586-1} + - linux 5.10.12-1 (unimportant) + [buster] - linux 4.19.171-1 + NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/ + NOTE: Disputed/mild security relevance/impact +CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...) 
+ {DLA-2919-1 DLA-2619-1} + - python3.9 3.9.1-3 + - python3.8 <removed> + - python3.7 <removed> + [buster] - python3.7 3.7.3-2+deb10u3 + [stretch] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + - python2.7 2.7.18-2 + [buster] - python2.7 <no-dsa> (Minor issue) + NOTE: https://bugs.python.org/issue42938 + NOTE: https://github.com/python/cpython/pull/24239 + NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html + NOTE: https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master) + NOTE: https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9) + NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8) + NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7) + NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6) +CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...) + NOT-FOR-US: Mitel +CVE-2021-3175 + RESERVED +CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...) + - condor <not-affected> (Only affects versions 8.9.2 through 8.9.10 inclusive) + NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html +CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...) + - condor <not-affected> (Only affects versions 8.9.7 through 8.9.10 inclusive) + NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html +CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...) + NOT-FOR-US: Belkin Linksys WRT160NL devices +CVE-2021-25309 (The telnet administrator service running on port 650 on Gigaset DX600A ...) 
+ NOT-FOR-US: Gigaset devices +CVE-2021-25308 + RESERVED +CVE-2021-25307 + RESERVED +CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of Gigaset ...) + NOT-FOR-US: Gigaset devices +CVE-2021-3174 + RESERVED +CVE-2021-25305 + RESERVED +CVE-2021-25304 + RESERVED +CVE-2021-25303 + RESERVED +CVE-2021-25302 + RESERVED +CVE-2021-3173 + RESERVED +CVE-2021-3172 + RESERVED +CVE-2021-3171 + RESERVED +CVE-2021-3170 + RESERVED +CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...) + NOT-FOR-US: Jumpserver +CVE-2021-3168 + RESERVED +CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens ar ...) + NOT-FOR-US: Cloudera Data Engineering (CDE) +CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...) + NOT-FOR-US: ASUS devices +CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...) + NOT-FOR-US: SmartAgent +CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...) + NOT-FOR-US: ChurchRota +CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 ...) + NOT-FOR-US: Slab Quill +CVE-2021-25301 + RESERVED +CVE-2021-25300 + RESERVED +CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). ...) + NOT-FOR-US: Nagios XI +CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + NOT-FOR-US: Nagios XI +CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + NOT-FOR-US: Nagios XI +CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...) + NOT-FOR-US: Nagios XI +CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...) + NOT-FOR-US: OpenCATS +CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...) 
+ NOT-FOR-US: OpenCATS +CVE-2021-25293 (An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...) + - pillow 8.1.1-1 + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5 + NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (v4.3.0) +CVE-2021-25292 (An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...) + - pillow 8.1.1-1 + [buster] - pillow <no-dsa> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + NOTE: https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee + NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0) +CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) + - pillow 8.1.1-1 + [buster] - pillow <ignored> (Minor issue) + [stretch] - pillow <not-affected> (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61 + NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) +CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...) + {DLA-2716-1} + - pillow 8.1.1-1 + [buster] - pillow <no-dsa> (Minor issue) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9 +CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...) 
+ - pillow 8.1.1-1 + [buster] - pillow <not-affected> (Vulnerable code not present) + [stretch] - pillow <not-affected> (Vulnerable code not present) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html + NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299 +CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode + NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 + NOTE: Debian packages are built without JPEG2000 support +CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...) + [experimental] - pillow 8.2.0-1 + - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode + NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87 + NOTE: Debian packages are built without JPEG2000 support +CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...) + {DSA-4833-1 DLA-2528-1} + - gst-plugins-bad1.0 1.18.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1917192 + NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc + NOTE: https://www.openwall.com/lists/oss-security/2021/01/20/1 +CVE-2021-25286 + RESERVED +CVE-2021-25285 + RESERVED +CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...) 
+ {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3) + NOTE: Regression: https://github.com/saltstack/salt/pull/59664 + NOTE: Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548 + NOTE: Regression: https://github.com/saltstack/salt/issues/59793 + NOTE: Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4 +CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...) + {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: https://github.com/saltstack/salt/commit/3fbf9a35bc4f7a43f628631f89ebb31f907859e3 (v3002.5) +CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...) + {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec (v3002.3) + NOTE: Regression: https://github.com/saltstack/salt/issues/59935 + NOTE: Regression fix: https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa +CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...) 
+ {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/01/28 + NOTE: https://github.com/saltstack/salt/commit/905efea17d9740a081509780d7c44e742b99ce60 (v3000.7) + NOTE: Regression: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/02/05 + NOTE: Regression: https://github.com/saltstack/salt/commit/8f8994ba42e618a9b07fac417d931bdb7b7005d1 + NOTE: Regression: https://github.com/saltstack/salt/commit/41a24843d8b22c6a340338ac86a628323fbfc181 + NOTE: Regression: https://github.com/saltstack/salt/commit/7b3591d9cd427d46e410bc2d510e2ccfa6a23884 +CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection] + - php-laravel-framework 6.20.14+dfsg-2 (bug #987831) + - php-illuminate-database <removed> (bug #987848) + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j + NOTE: https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset +CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)] + - php-laravel-framework 6.20.14+dfsg-1 + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg + TODO: check php-illuminate-database and CVE assignment +CVE-2021-21263 (Laravel is a web application framework. Versions of Laravel before 6.2 ...) + - php-laravel-framework 6.20.11+dfsg-1 (bug #980095) + - php-illuminate-database <removed> (bug #980899) + NOTE: https://blog.laravel.com/security-laravel-62011-7302-8221-released + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x + NOTE: https://github.com/laravel/framework/pull/35865 +CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...) 
+ NOT-FOR-US: Docker Desktop on MacOS +CVE-2021-3161 + RESERVED +CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...) + NOT-FOR-US: ACA +CVE-2021-25280 + RESERVED +CVE-2021-25279 + RESERVED +CVE-2021-25278 (FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Backgroun ...) + NOT-FOR-US: FTAPI +CVE-2021-25277 (FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative ...) + NOT-FOR-US: FTAPI +CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...) + NOT-FOR-US: SolarWinds +CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...) + NOT-FOR-US: SolarWinds +CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...) + NOT-FOR-US: SolarWinds +CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...) + NOT-FOR-US: Landray EKP +CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email detail vi ...) + NOT-FOR-US: Sophos +CVE-2021-25272 + RESERVED +CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...) + NOT-FOR-US: HitmanPro +CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...) + NOT-FOR-US: HitmanPro +CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...) + NOT-FOR-US: Sophos +CVE-2021-25268 + RESERVED +CVE-2021-25267 + RESERVED +CVE-2021-25266 + RESERVED +CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...) + NOT-FOR-US: Sophos Connect Client +CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...) + NOT-FOR-US: Sophos +CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...) 
+ - clickhouse <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/ClickHouse/ClickHouse/pull/22822 + NOTE: Vulnerable code introduced at https://github.com/ClickHouse/ClickHouse/commit/ea8994b9e4fd4434b296ffccbfbf60c3c65a50d1 +CVE-2021-25262 + RESERVED +CVE-2021-25261 + RESERVED +CVE-2021-25260 + RESERVED +CVE-2021-25259 + RESERVED +CVE-2021-25258 + RESERVED +CVE-2021-25257 + RESERVED +CVE-2021-25256 + RESERVED +CVE-2021-25255 + RESERVED +CVE-2021-25254 + RESERVED +CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) + NOT-FOR-US: Trend Micro +CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...) + NOT-FOR-US: Trend Micro +CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...) + NOT-FOR-US: Trend Micro +CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...) + NOT-FOR-US: Trend Micro +CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...) + NOT-FOR-US: Trend Micro +CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...) + NOT-FOR-US: Trend Micro +CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks ...) + NOT-FOR-US: Trend Micro +CVE-2021-25246 (An improper access control information disclosure vulnerability in Tre ...) + NOT-FOR-US: Trend Micro +CVE-2021-25245 (An improper access control vulnerability in Worry-Free Business Securi ...) + NOT-FOR-US: Worry-Free Business Security +CVE-2021-25244 (An improper access control vulnerability in Worry-Free Business Securi ...) + NOT-FOR-US: Worry-Free Business Security +CVE-2021-25243 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25242 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) 
+ NOT-FOR-US: Trend Micro +CVE-2021-25241 (A server-side request forgery (SSRF) information disclosure vulnerabil ...) + NOT-FOR-US: Trend Micro +CVE-2021-25240 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25239 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25238 (An improper access control information disclosure vulnerability in Tre ...) + NOT-FOR-US: Trend Micro +CVE-2021-25237 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25236 (A server-side request forgery (SSRF) information disclosure vulnerabil ...) + NOT-FOR-US: Trend Micro +CVE-2021-25235 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25234 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25233 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25232 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25231 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25230 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25229 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25228 (An improper access control vulnerability in Trend Micro Apex One (on-p ...) + NOT-FOR-US: Trend Micro +CVE-2021-25227 (Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memor ...) + NOT-FOR-US: Trend Micro +CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) 
+ NOT-FOR-US: Trend Micro +CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) + NOT-FOR-US: Trend Micro +CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...) + NOT-FOR-US: Trend Micro +CVE-2021-25223 + RESERVED +CVE-2021-25222 + RESERVED +CVE-2021-25221 + RESERVED +CVE-2021-25220 + RESERVED +CVE-2021-25219 (In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3- ...) + {DSA-4994-1 DLA-2807-1} + - bind9 1:9.17.19-1 + NOTE: https://kb.isc.org/docs/cve-2021-25219 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787 (v9_16_22) +CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...) + - bind9 <not-affected> (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2021-25218 +CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 ( ...) + {DLA-2674-1} + - isc-dhcp 4.4.1-2.3 (bug #989157) + [buster] - isc-dhcp 4.4.1-2+deb10u1 + NOTE: https://kb.isc.org/docs/cve-2021-25217 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6 + NOTE: https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch +CVE-2021-25216 (In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...) 
+ {DSA-4909-1 DLA-2647-1} + - bind9 1:9.16.15-1 (bug #987743) + NOTE: https://kb.isc.org/docs/cve-2021-25216 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a875dcc66969ea3995eb6fc1545d39dafcb56b26 (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6b0b0c6aba2488f8db5d6cdbc44162b98ffa5ed4 (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3fd30e16340afd95ee8c7dca8a5ff7cc35d069bc (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/565a6a56791b01b86e2fd1eaa1907bf985f2e997 (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15) + NOTE: Issue can be mitigated configuring with --disable-isc-spnego and using the system library. +CVE-2021-25215 (In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9 ...) + {DSA-4909-1 DLA-2647-1} + - bind9 1:9.16.15-1 (bug #987742) + NOTE: https://kb.isc.org/docs/cve-2021-25215 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/dde958717c9bfdc8679764c045c226e3a1468334 (v9_16_15) +CVE-2021-25214 (In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, ...) + {DSA-4909-1 DLA-2647-1} + - bind9 1:9.16.15-1 (bug #987741) + NOTE: https://kb.isc.org/docs/cve-2021-25214 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f092fcee10a7e8b391747dbdd7e58243bff4f75c (v9_16_15) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b (v9_16_15) +CVE-2021-25213 (SQL injection vulnerability in SourceCodester Travel Management System ...) + NOT-FOR-US: SourceCodester +CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...) 
+ NOT-FOR-US: SourceCodester Alumni Management System +CVE-2021-25211 (Arbitrary file upload vulnerability in SourceCodester Ordering System ...) + NOT-FOR-US: SourceCodester +CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...) + NOT-FOR-US: SourceCodester Alumni Management System +CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...) + NOT-FOR-US: SourceCodester Theme Park Ticketing System +CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel Managemen ...) + NOT-FOR-US: SourceCodester +CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester E-Commerce Websi ...) + NOT-FOR-US: SourceCodester +CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester Responsive Order ...) + NOT-FOR-US: SourceCodester +CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...) + NOT-FOR-US: SourceCodester +CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce ...) + NOT-FOR-US: SourceCodester +CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attacke ...) + NOT-FOR-US: Victor CMS +CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...) + NOT-FOR-US: SourceCodester Sales and Inventory System +CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...) + NOT-FOR-US: Learning Management System +CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...) + NOT-FOR-US: SourceCodester +CVE-2021-25199 + RESERVED +CVE-2021-25198 + RESERVED +CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester Content Man ...) + NOT-FOR-US: SourceCodester Content Management System +CVE-2021-3158 + RESERVED +CVE-2021-3157 + RESERVED +CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result in a ...) 
+ {DSA-4839-1 DLA-2534-1} + - sudo 1.9.5p1-1.1 + NOTE: https://www.sudo.ws/alerts/unescape_overflow.html + NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804 + NOTE: https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b + NOTE: https://www.sudo.ws/repos/sudo/rev/049ad90590be + NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89 + NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3 +CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...) + - snapd 2.54-1 + NOTE: https://github.com/snapcore/snapd/pull/9841 + NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52) + NOTE: https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca (2.54) +CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...) + NOT-FOR-US: SolarWinds +CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...) + NOT-FOR-US: HashiCorp Terraform Enterprise +CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...) + NOT-FOR-US: Home Assistant +CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...) + NOT-FOR-US: i-doit +CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...) + NOT-FOR-US: Cryptshare Server +CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...) + NOT-FOR-US: Netshield NANO devices +CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...) 
+ {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: Introduced by: https://github.com/saltstack/salt/commit/fc9267afa3a7ecaae3ef446575072e0e5d51d8b7 (v2016.3) + NOTE: Fixed by: https://github.com/saltstack/salt/commit/6ae64c6b15cb7f43b57f564a0cb8a0e426cc183a (v3000.7 backport) +CVE-2021-3147 + RESERVED +CVE-2021-25196 + RESERVED +CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-25194 + RESERVED +CVE-2021-25193 + RESERVED +CVE-2021-25192 + RESERVED +CVE-2021-25191 + RESERVED +CVE-2021-25190 + RESERVED +CVE-2021-25189 + RESERVED +CVE-2021-25188 + RESERVED +CVE-2021-25187 + RESERVED +CVE-2021-25186 + RESERVED +CVE-2021-25185 + RESERVED +CVE-2021-25184 + RESERVED +CVE-2021-25183 + RESERVED +CVE-2021-25182 + RESERVED +CVE-2021-25181 + RESERVED +CVE-2021-25180 + RESERVED +CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...) + NOT-FOR-US: SolarWinds +CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25176 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25175 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) 
+ NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) + NOT-FOR-US: Aruba +CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...) + NOT-FOR-US: Aruba +CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...) + NOT-FOR-US: Aruba +CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...) + NOT-FOR-US: Aruba +CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...) + NOT-FOR-US: Aruba +CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...) + NOT-FOR-US: Aruba +CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...) + NOT-FOR-US: Aruba +CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...) + NOT-FOR-US: Aruba +CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...) + NOT-FOR-US: Aruba +CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...) + NOT-FOR-US: Aruba +CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...) 
+ NOT-FOR-US: Aruba +CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...) + NOT-FOR-US: Aruba +CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...) + NOT-FOR-US: Aruba +CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...) + NOT-FOR-US: Aruba +CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered in Arub ...) + NOT-FOR-US: Aruba +CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...) + NOT-FOR-US: Aruba +CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) + NOT-FOR-US: Aruba +CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...) + NOT-FOR-US: Aruba +CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...) + NOT-FOR-US: Aruba +CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...) + NOT-FOR-US: Aruba +CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...) + NOT-FOR-US: Aruba +CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) + NOT-FOR-US: Aruba +CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...) + NOT-FOR-US: Aruba +CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) + NOT-FOR-US: HPE +CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...) + NOT-FOR-US: HPE +CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...) + NOT-FOR-US: HPE +CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...) 
+ NOT-FOR-US: HPE +CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...) + NOT-FOR-US: HPE +CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...) 
+ {DSA-4891-1 DLA-2594-1} + - tomcat9 9.0.43-1 + - tomcat8 <removed> + - tomcat7 <removed> + [stretch] - tomcat7 <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1 + NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43) + NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63) +CVE-2021-25121 + RESERVED +CVE-2021-25120 + RESERVED +CVE-2021-25119 + RESERVED +CVE-2021-25118 + RESERVED +CVE-2021-25117 + RESERVED +CVE-2021-25116 + RESERVED +CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25113 + RESERVED +CVE-2021-25112 + RESERVED +CVE-2021-25111 + RESERVED +CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25104 + RESERVED +CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25102 + RESERVED +CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25098 + RESERVED +CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25094 + RESERVED +CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25090 + RESERVED +CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25088 + RESERVED +CVE-2021-25087 + RESERVED +CVE-2021-25086 + RESERVED +CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25081 + RESERVED +CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25071 + RESERVED +CVE-2021-25070 + RESERVED +CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25068 + RESERVED +CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25066 + RESERVED +CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25064 + RESERVED +CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-25059 + RESERVED +CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25056 + RESERVED +CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wow-comp ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25048 + RESERVED +CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25044 + RESERVED +CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25042 + RESERVED +CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-25039 + RESERVED +CVE-2021-25038 + RESERVED +CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25034 + RESERVED +CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25026 + RESERVED +CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25023 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 do ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25019 + RESERVED +CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25012 + RESERVED +CVE-2021-25011 + RESERVED +CVE-2021-25010 + RESERVED +CVE-2021-25009 + RESERVED +CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25007 + RESERVED +CVE-2021-25006 + RESERVED +CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25003 + RESERVED +CVE-2021-25002 + RESERVED +CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24999 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24996 + RESERVED +CVE-2021-24995 + RESERVED +CVE-2021-24994 + RESERVED +CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24990 + RESERVED +CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24987 + RESERVED +CVE-2021-24986 + RESERVED +CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24982 + RESERVED +CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24978 + RESERVED +CVE-2021-24977 + RESERVED +CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24971 + RESERVED +CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have capabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24967 (The Contact Form & Lead Form Elementor Builder WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24966 + RESERVED +CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24962 + RESERVED +CVE-2021-24961 + RESERVED +CVE-2021-24960 + RESERVED +CVE-2021-24959 + RESERVED +CVE-2021-24958 + RESERVED +CVE-2021-24957 + RESERVED +CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24953 + RESERVED +CVE-2021-24952 + RESERVED +CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24950 + RESERVED +CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor - Pro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24944 (The Custom Dashboard & Login Page WordPress plugin before 7.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24942 + RESERVED +CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24940 + RESERVED +CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24933 + RESERVED +CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24929 + RESERVED +CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24920 + RESERVED +CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24916 + RESERVED +CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24913 + RESERVED +CVE-2021-24912 + RESERVED +CVE-2021-24911 + RESERVED +CVE-2021-24910 + RESERVED +CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24905 + RESERVED +CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24903 + RESERVED +CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24901 + RESERVED +CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24898 + RESERVED +CVE-2021-24897 + RESERVED +CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24895 + RESERVED +CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24890 + RESERVED +CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24887 + RESERVED +CVE-2021-24886 + RESERVED +CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24881 + RESERVED +CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24870 + RESERVED +CVE-2021-24869 + RESERVED +CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...) + TODO: check +CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24864 + RESERVED +CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 1.0.9 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a shortco ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24852 (The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with a rol ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) + NOT-FOR-US: WordPress theme +CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24837 + RESERVED +CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24831 (All AJAX actions of the Tab WordPress plugin before 1.3.2 are availabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24826 + RESERVED +CVE-2021-24825 + RESERVED +CVE-2021-24824 + RESERVED +CVE-2021-24823 + RESERVED +CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24821 + RESERVED +CVE-2021-24820 + RESERVED +CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24810 + RESERVED +CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authenticated ( ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24805 + RESERVED +CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24803 + RESERVED +CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24800 + RESERVED +CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have any aut ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 1.0.8 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24786 (The Download Monitor WordPress plugin before 4.4.5 does not properly v ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not escape th ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24778 + RESERVED +CVE-2021-24777 + RESERVED +CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not sanitise, va ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not pr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...) + NOT-FOR-US: WordPress plugins +CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24746 + RESERVED +CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not imp ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows users with a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24730 + RESERVED +CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24726 (The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24721 (The Loco Translate WordPress plugin before 2.5.4 mishandles data input ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...) + NOT-FOR-US: WordPress theme +CVE-2021-24718 (The Contact Form, Survey & Popup Form Plugin for WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 3.6.3 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24710 (The Print-O-Matic WordPress plugin before 2.0.3 does not escape some o ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24704 + RESERVED +CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not sanitize and es ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does not enf ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could allow ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24692 + RESERVED +CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24689 + RESERVED +CVE-2021-24688 + RESERVED +CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24680 (The WP Travel Engine WordPress plugin before 5.3.1 does not escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have authori ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24674 (The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...) + NOT-FOR-US: FortiGuard +CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24664 (The School Management System – WPSchoolPress WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24659 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24655 + RESERVED +CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24650 + RESERVED +CVE-2021-24649 + RESERVED +CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24645 (The Booking.com Product Helper WordPress plugin before 1.0.2 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24638 (The OMGF WordPress plugin before 4.5.4 does not escape or validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24637 (The Google Fonts Typography WordPress plugin before 3.0.3 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24634 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have author ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24631 (The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24630 (The Schreikasten WordPress plugin through 0.14.18 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24629 (The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24628 (The Wow Forms WordPress plugin through 3.1.3 does not sanitise or esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24627 (The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24626 (The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24625 (The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24624 (The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24622 (The Customer Service Software & Support Ticket System WordPress pl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24616 (The AddToAny Share Buttons WordPress plugin before 1.7.48 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not sanitise or esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24607 (The Storefront Footer Text WordPress plugin through 1.0.1 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24604 (The Availability Calendar WordPress plugin before 1.2.2 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24599 (The Email Encoder – Protect Email Addresses WordPress plugin bef ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24598 (The Testimonial WordPress plugin before 1.6.0 does not escape some tes ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24594 (The Translate WordPress – Google Language Translator WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24591 (The Highlight WordPress plugin before 0.9.3 does not sanitise its Cust ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24590 (The Cookie Notice & Consent Banner for GDPR & CCPA Compliance ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24589 + RESERVED +CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7 is aff ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24587 (The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24585 (The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24584 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24583 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24582 (The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24575 (The School Management System – WPSchoolPress WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24573 + RESERVED +CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24567 + RESERVED +CVE-2021-24566 + RESERVED +CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Learning ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24559 + RESERVED +CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24554 (The Paytm – Donation Plugin WordPress plugin through 1.3.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24552 (The Simple Events Calendar WordPress plugin through 1.4.0 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24551 (The Edit Comments WordPress plugin through 0.3 does not sanitise, vali ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24550 (The Broken Link Manager WordPress plugin through 0.6.5 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24549 (The AceIDE WordPress plugin through 2.6.2 does not sanitise or validat ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24542 + RESERVED +CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24539 (The Coming Soon, Under Construction & Maintenance Mode By Dazzler ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24537 (The Similar Posts WordPress plugin through 3.1.5 allow high privilege ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24533 (The Maintenance WordPress plugin before 4.03 does not sanitise or esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24532 + RESERVED +CVE-2021-24531 (The Charitable – Donation Plugin WordPress plugin before 1.6.51 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24530 (The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly s ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24525 (The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users wi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress plugin b ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24515 (The Video Gallery WordPress plugin before 1.1.5 does not escape the Ti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24506 (The Slider Hero with Animation, Video Background & Intro Maker Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24503 (The Popular Brand Icons – Simple Icons WordPress plugin before 2 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL In ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not sanitise or e ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not sanitise or esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise or valida ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise or esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24475 + RESERVED +CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affected by ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...) + NOT-FOR-US: WordPress theme +CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24469 + RESERVED +CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in the Phot ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box – Page Plu ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24459 (The get_results() and get_items() functions in the Survey Maker WordPr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions of the P ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions in the c ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24455 (The Tutor LMS – eLearning and online course solution WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24450 (The User Registration, User Profiles, Login & Membership – P ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24449 + RESERVED +CVE-2021-24448 (The User Registration & User Profile – Profile Builder WordP ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24433 + RESERVED +CVE-2021-24432 + RESERVED +CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24430 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24426 (The Backup by 10Web – Backup and Restore Plugin WordPress plugin ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24424 (The WP Reset – Most Advanced WordPress Reset Tool WordPress plug ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24422 + RESERVED +CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24417 + RESERVED +CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before 2.1.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24410 (The తెలుగు బైబ&# ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24402 (The Orders functionality in the WP iCommerce WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24401 (The Edit domain functionality in the WP Domain Redirect WordPress plug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24400 (The Edit Role functionality in the Display Users WordPress plugin thro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24399 (The check_order function of The Sorter WordPress plugin through 1.0 us ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24398 (The Add new scene functionality in the Responsive 3D Slider WordPress ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24397 (The edit functionality in the MicroCopy WordPress plugin through 1.1.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24396 (A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress plugin t ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress plugin t ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24393 (A c GET parameter of the Comment Highlighter WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24392 (An id GET parameter of the WordPress Membership SwiftCloud.io WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin through 1.0. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24390 (A proid GET parameter of the WordPress支付宝Alipay|& ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove poten ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24373 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24372 (The WP Hardening – Fix Your WordPress Security WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 allows unauth ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the contribut ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24368 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was affected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the ...) + NOT-FOR-US: WordPress theme +CVE-2021-24363 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24362 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24358 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24357 (In the Best Image Gallery & Responsive Photo Gallery – FooGa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24356 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24355 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24354 (A lack of capability checks and insufficient nonce check on the AJAX a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24353 (The import_data function of the Simple 301 Redirects by BetterLinks Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24352 (The export_data function of the Simple 301 Redirects by BetterLinks Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24351 (The theplus_more_post AJAX action of The Plus Addons for Elementor Pag ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24350 (The Visitors WordPress plugin through 0.3 is affected by an Unauthenti ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24349 (This Gallery from files WordPress plugin through 1.6.0 gives the funct ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24348 (The menu delete functionality of the Side Menu – add fixed side ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24347 (The SP Project & Document Manager WordPress plugin before 4.22 all ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24346 (The Stock in & out WordPress plugin through 1.0.4 has a search fun ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...) + NOT-FOR-US: WordPress theme +CVE-2021-24341 (When deleting a date in the Xllentech English Islamic Calendar WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on using the W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24339 (The Pods – Custom Content Types and Fields WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24338 (The Pods – Custom Content Types and Fields WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24337 (The id GET parameter of one of the Video Embed WordPress plugin throug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24336 (The FlightLog WordPress plugin through 3.0.2 does not sanitise, valida ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24335 (The Car Repair Services & Auto Mechanic WordPress theme before 4.0 ...) + NOT-FOR-US: WordPress theme +CVE-2021-24334 (The Instant Images – One Click Unsplash Uploads WordPress plugin ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24333 (The Content Copy Protection & Prevent Image Save WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing proper escap ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24331 (The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24330 (The Funnel Builder by CartFlows – Create High Converting Sales F ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24329 (The WP Super Cache WordPress plugin before 1.7.3 did not properly sani ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24328 (The WP Login Security and History WordPress plugin through 1.0 did not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24322 (The Database Backup for WordPress plugin before 2.4 did not escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24321 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) + NOT-FOR-US: WordPress theme +CVE-2021-24320 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) + NOT-FOR-US: WordPress theme +CVE-2021-24319 (The Bello - Directory & Listing WordPress theme before 1.6.0 did n ...) + NOT-FOR-US: WordPress theme +CVE-2021-24318 (The Listeo WordPress theme before 1.6.11 did not ensure that the Post/ ...) 
+ NOT-FOR-US: WordPress theme +CVE-2021-24317 (The Listeo WordPress theme before 1.6.11 did not properly sanitise som ...) + NOT-FOR-US: WordPress theme +CVE-2021-24316 (The search feature of the Mediumish WordPress theme through 1.0.47 doe ...) + NOT-FOR-US: WordPress theme +CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...) + NOT-FOR-US: WordPress theme +CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the functionality ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_ ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External Media WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24309 (The "Schedule Name" input in the Weekly Schedule WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by LifterLMS  ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24307 (The All in One SEO – Best WordPress SEO Plugin – Easily Im ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24306 (The Ultimate Member – User Profile, User Registration, Login &am ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...) + NOT-FOR-US: Wordpress theme +CVE-2021-24303 (The JiangQie Official Website Mini Program WordPress plugin before 1.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slider for ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...) + NOT-FOR-US: Goto WordPress theme +CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP Word ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...) + NOT-FOR-US: NextGEN Gallery Pro WordPress plugin +CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...) + NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin +CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...) + NOT-FOR-US: Supsystic WordPress plugin +CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...) + NOT-FOR-US: Supsystic WordPress plugin +CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...) + NOT-FOR-US: Supsystic WordPress plugin +CVE-2021-24273 (The “Clever Addons for Elementor” WordPress Plugin before ...) + NOT-FOR-US: WordPress Plugin +CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24271 (The “Ultimate Addons for Elementor” WordPress Plugin befor ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24270 (The “DeTheme Kit for Elementor” WordPress Plugin before 1. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24269 (The “Sina Extension for Elementor” WordPress Plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24268 (The “JetWidgets For Elementor” WordPress Plugin before 1.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24267 (The “All-in-One Addons for Elementor – WidgetKit” Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24266 (The “The Plus Addons for Elementor Page Builder Lite” Word ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24265 (The “Rife Elementor Extensions & Templates” WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24264 (The “Image Hover Effects – Elementor Addon” WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24263 (The “Elementor Addons – PowerPack Addons for ElementorR ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24262 (The “WooLentor – WooCommerce Elementor Addons + Builder ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24261 (The “HT Mega – Absolute Addons for Elementor Page Builder& ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24260 (The “Livemesh Addons for Elementor” WordPress Plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24259 (The “Elementor Addon Elements” WordPress Plugin before 1.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24257 (The “Premium Addons for Elementor” WordPress Plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24256 (The “Elementor – Header, Footer & Blocks Template̶ ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24251 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24250 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24249 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24248 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24242 (The Tutor LMS – eLearning and online course solution WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24240 (The Business Hours Pro WordPress plugin through 5.5.0 allows a remote ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24239 (The Pie Register – User Registration Forms. Invitation based reg ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...) + NOT-FOR-US: WordPress theme +CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24233 (The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24232 (The Advanced Booking Calendar WordPress plugin before 1.6.8 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24231 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...) + NOT-FOR-US: Jetpack +CVE-2021-24230 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...) + NOT-FOR-US: Patreon WordPress plugin +CVE-2021-24229 (The Jetpack Scan team identified a Reflected Cross-Site Scripting via ...) + NOT-FOR-US: Patreon WordPress plugin +CVE-2021-24228 (The Jetpack Scan team identified a Reflected Cross-Site Scripting in t ...) + NOT-FOR-US: Patreon WordPress plugin +CVE-2021-24227 (The Jetpack Scan team identified a Local File Disclosure vulnerability ...) + NOT-FOR-US: Patreon WordPress plugin +CVE-2021-24226 (In the AccessAlly WordPress plugin before 3.5.7, the file "resource/fr ...) + NOT-FOR-US: AccessAlly WordPress plugin +CVE-2021-24225 (The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sa ...) + NOT-FOR-US: Advanced Booking Calendar WordPress plugin +CVE-2021-24224 (The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordP ...) + NOT-FOR-US: Easy Form Builder WordPress plugin +CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitr ...) 
+ NOT-FOR-US: N5 Upload Form WordPress plugin +CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from ...) + NOT-FOR-US: WP-Curriculo Vitae Free WordPress plugin +CVE-2021-24221 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin f ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24220 (Thrive “Legacy” Rise by Thrive Themes WordPress theme befo ...) + NOT-FOR-US: WordPress theme +CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX act ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24216 + RESERVED +CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...) 
+ NOT-FOR-US: Wordpress plugin +CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24200 (The wpDataTables – Tables & Table Charts premium WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24199 (The wpDataTables – Tables & Table Charts premium WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24198 (The wpDataTables – Tables & Table Charts premium WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS – eLearnin ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS – eLearning and online c ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24179 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24178 (The Business Directory Plugin – Easy Listing Directories for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...) 
+ NOT-FOR-US: Wordpress plugin +CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24167 (When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_lo ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form R ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...) 
+ NOT-FOR-US: Wordpress plugin +CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24155 (The WordPress Backup and Migrate Plugin – Backup Guard WordPress ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24151 + RESERVED +CVE-2021-24150 (The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plu ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...) + NOT-FOR-US: Modern Events Calendar Lite WordPress plugin +CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...) + NOT-FOR-US: MStore API WordPress plugin +CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...) + NOT-FOR-US: Modern Events Calendar Lite WordPress plugin +CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...) + NOT-FOR-US: Modern Events Calendar Lite WordPress plugin +CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...) + NOT-FOR-US: Modern Events Calendar Lite WordPress plugin +CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...) 
+ NOT-FOR-US: Contact Form 7 Database Addon plugin, +CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...) + NOT-FOR-US: AccessPress Social Icons plugin +CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...) + NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin +CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...) + NOT-FOR-US: Advanced Database Cleaner plugin +CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...) + NOT-FOR-US: Ajax Load More WordPress plugin +CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...) + NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin +CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...) + NOT-FOR-US: AdRotate WordPress plugin +CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...) + NOT-FOR-US: Blog2Social WordPress plugin +CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...) + NOT-FOR-US: Testimonials Widget WordPress plugin +CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...) + NOT-FOR-US: WP Customer Reviews WordPress plugin +CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact ...) + NOT-FOR-US: Constant Contact Forms WordPress plugin +CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...) + NOT-FOR-US: ActiveCampaign WordPress plugin +CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...) + NOT-FOR-US: 10Web WordPress plugin +CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...) 
+ NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin +CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...) + NOT-FOR-US: WP Google Map Plugin WordPress plugin +CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...) + NOT-FOR-US: Themify Portfolio Post WordPress plugin +CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...) + NOT-FOR-US: Team Members WordPress plugin +CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...) + NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin +CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...) + NOT-FOR-US: Envira Gallery Lite WordPress plugin +CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin bef ...) + NOT-FOR-US: Contact Form Submissions WordPress plugin +CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...) + NOT-FOR-US: WP Shieldon WordPress plugin +CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...) + NOT-FOR-US: PowerPress WordPress plugin +CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...) + {DLA-2594-1} + - tomcat9 9.0.40-1 (unimportant) + - tomcat8 <removed> (unimportant) + - tomcat7 <removed> (unimportant) + NOTE: https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533 (9.0.40) + NOTE: https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9 (8.5.60) + NOTE: https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177 (7.0.107) + NOTE: Issue when erving resources from a network location using the NTFS file system. +CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed ...) 
+ {DSA-4830-1} + - flatpak 1.8.5-1 + [stretch] - flatpak <not-affected> (app portal introduced in 0.11.4) + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 + NOTE: Fixed by: + NOTE: https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486 + NOTE: https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b + NOTE: https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4 + NOTE: https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba + NOTE: Automated tests: + NOTE: https://github.com/flatpak/flatpak/commit/821249844bbb7e52cbf4508b4de18c05e8592220 + NOTE: https://github.com/flatpak/flatpak/commit/39a5621e6941b9d27bf89b63e8fb6cad6e279e53 + NOTE: https://github.com/flatpak/flatpak/commit/d19f6c330aa42e17df6dc36d12b6f4dfa507dbb3 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4 +CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...) + NOT-FOR-US: Dolby Audio X2 (DAX2) API service +CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...) + NOT-FOR-US: Ionic Identity Vault +CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...) + {DLA-2815-1} + - salt 3002.5+dfsg1-1 (bug #983632) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ + NOTE: Introduced by: https://github.com/saltstack/salt/commit/b8e34e1f6f785bf00634ee561c89c30c45f4c689 (v2018.2) + NOTE: Fixed by: https://github.com/saltstack/salt/commit/7c1d565465f78a7937f089857f3980045f27fd6e (v3002.3) +CVE-2021-3143 + RESERVED +CVE-2021-3142 + REJECTED +CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is st ...) 
+ NOT-FOR-US: Unisys +CVE-2021-24121 + RESERVED +CVE-2021-24120 + RESERVED +CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ...) + {DLA-2826-1} + - mbedtls 2.16.11-0.1 + [bullseye] - mbedtls <no-dsa> (Minor issue) + [buster] - mbedtls <no-dsa> (Minor issue) + NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0 +CVE-2021-24118 + RESERVED +CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...) + NOT-FOR-US: Rust SGX +CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...) + - wolfssl 5.0.0-1 (bug #991663) + [bullseye] - wolfssl <no-dsa> (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable +CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...) + - botan 2.17.3+dfsg-1 + [buster] - botan <no-dsa> (Minor issue) + - botan1.10 <removed> + [stretch] - botan1.10 <not-affected> (Vulnerable code not present) + NOTE: https://github.com/randombit/botan/pull/2549 +CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-24108 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) + NOT-FOR-US: Microsoft +CVE-2021-24107 (Windows Event Tracing Information Disclosure Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24104 (Microsoft SharePoint Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24097 + RESERVED +CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24095 (DirectX Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24090 (Windows Error Reporting Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24089 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-24065 + RESERVED +CVE-2021-24064 + RESERVED +CVE-2021-24063 + RESERVED +CVE-2021-24062 + RESERVED +CVE-2021-24061 + RESERVED +CVE-2021-24060 + RESERVED +CVE-2021-24059 + RESERVED +CVE-2021-24058 + RESERVED +CVE-2021-24057 + RESERVED +CVE-2021-24056 + RESERVED +CVE-2021-24055 + RESERVED +CVE-2021-24054 + RESERVED +CVE-2021-24053 + RESERVED +CVE-2021-24052 + RESERVED +CVE-2021-24051 + RESERVED +CVE-2021-24050 + RESERVED +CVE-2021-24049 + RESERVED +CVE-2021-24048 + RESERVED +CVE-2021-24047 + RESERVED +CVE-2021-24046 (A logic flaw in Ray-Ban® Stories device software allowed some par ...) + NOT-FOR-US: Facebook View +CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...) + NOT-FOR-US: Facebook Hermes +CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...) + NOT-FOR-US: Facebook Hermes +CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to WhatsApp for ...) + NOT-FOR-US: Whatsapp +CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...) + NOT-FOR-US: Whatsapp +CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...) + NOT-FOR-US: Whatsapp +CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) + NOT-FOR-US: Facebook ParlAI +CVE-2021-24039 + RESERVED +CVE-2021-24038 (Due to a bug with management of handles in OVRServiceLauncher.exe, an ...) 
+ NOT-FOR-US: Oculus Desktop +CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...) + NOT-FOR-US: Facebook Hermes +CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...) + - hhvm <removed> +CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...) + NOT-FOR-US: WhatsApp +CVE-2021-24034 + RESERVED +CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...) + NOT-FOR-US: react-dev-utils +CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...) + NOT-FOR-US: Facebook Gameroom +CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...) + NOT-FOR-US: mvfst +CVE-2021-24028 (An invalid free in Thrift's table-based serialization can cause the ap ...) + NOT-FOR-US: Facebook Thrift (Debian packages Apache Thrift) +CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...) + NOT-FOR-US: WhatsApp +CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...) + NOT-FOR-US: WhatsApp +CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...) + - hhvm <removed> +CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...) + NOT-FOR-US: FortiADCManager +CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...) + NOT-FOR-US: FortiAI (FortiGuard) +CVE-2021-24022 (A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, ...) + NOT-FOR-US: Fortiguard +CVE-2021-24021 (An improper neutralization of input vulnerability [CWE-79] in FortiAna ...) + NOT-FOR-US: Fortiguard +CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...) + NOT-FOR-US: Fortiguard +CVE-2021-24019 (An insufficient session expiration vulnerability [CWE- 613] in FortiCl ...) 
+ NOT-FOR-US: Fortiguard +CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...) + NOT-FOR-US: FortiOS +CVE-2021-24017 (An improper authentication in Fortinet FortiManager version 6.4.3 and ...) + NOT-FOR-US: Fortiguard +CVE-2021-24016 (An improper neutralization of formula elements in a csv file in Fortin ...) + NOT-FOR-US: Fortiguard +CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...) + NOT-FOR-US: Fortinet +CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...) + NOT-FOR-US: FortiSandbox +CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...) + NOT-FOR-US: Fortinet +CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...) + NOT-FOR-US: FortiGate +CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...) + NOT-FOR-US: Fortiguard +CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...) + NOT-FOR-US: FortiSandbox +CVE-2021-24009 + RESERVED +CVE-2021-24008 + RESERVED +CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...) + NOT-FOR-US: Fortiguard +CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...) + NOT-FOR-US: FortiGuard +CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...) + NOT-FOR-US: FortiGuard +CVE-2021-24004 + RESERVED +CVE-2021-24003 + RESERVED +CVE-2021-3140 + RESERVED +CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy ...) 
+ - tcmu 1.5.2-6 (bug #980007) + NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/13/5 + NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645 + NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644 + NOTE: Fixed by: https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd + NOTE: Some followup fixes: https://github.com/open-iscsi/tcmu-runner/pull/646 + NOTE: https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663 + NOTE: https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a + NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5 +CVE-2021-24002 (When a user clicked on an FTP URL containing encoded newline character ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002 +CVE-2021-24001 (A compromised content process could have performed session history man ...) + - firefox 88.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001 +CVE-2021-24000 (A race condition with requestPointerLock() and setTimeout() could have ...) + - firefox 88.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000 +CVE-2021-23999 (If a Blob URL was loaded through some unusual user interaction, it cou ...) 
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999 +CVE-2021-23998 (Through complicated navigations with new windows, an HTTP page could h ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998 +CVE-2021-23997 (Due to unexpected data type conversions, a use-after-free could have o ...) + - firefox 88.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997 +CVE-2021-23996 (By utilizing 3D CSS in conjunction with Javascript, content could have ...) + - firefox 88.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996 +CVE-2021-23995 (When Responsive Design Mode was enabled, it used references to objects ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995 +CVE-2021-23994 (A WebGL framebuffer was not initialized early enough, resulting in mem ...) 
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 88.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994 +CVE-2021-23993 (An attacker may perform a DoS attack to prevent a user from sending en ...) + {DSA-4897-1 DLA-2632-1} + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993 +CVE-2021-23992 (Thunderbird did not check if the user ID associated with an OpenPGP ke ...) + {DSA-4897-1 DLA-2632-1} + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992 +CVE-2021-23991 (If a Thunderbird user has previously imported Alice's OpenPGP key, and ...) + {DSA-4897-1 DLA-2632-1} + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991 +CVE-2021-23990 + RESERVED +CVE-2021-23989 + RESERVED +CVE-2021-23988 (Mozilla developers reported memory safety bugs present in Firefox 86. ...) + - firefox 87.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988 +CVE-2021-23987 (Mozilla developers and community members reported memory safety bugs p ...) + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} + - firefox 87.0-1 + - firefox-esr 78.9.0esr-1 + - thunderbird 1:78.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987 +CVE-2021-23986 (A malicious extension with the 'search' permission could have installe ...) 
+ - firefox 87.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986 +CVE-2021-23985 (If an attacker is able to alter specific about:config values (for exam ...) + - firefox 87.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985 +CVE-2021-23984 (A malicious extension could have opened a popup window lacking an addr ...) + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} + - firefox 87.0-1 + - firefox-esr 78.9.0esr-1 + - thunderbird 1:78.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984 +CVE-2021-23983 (By causing a transition on a parent node by removing a CSS rule, an in ...) + - firefox 87.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983 +CVE-2021-23982 (Using techniques that built on the slipstream research, a malicious we ...) + {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} + - firefox 87.0-1 + - firefox-esr 78.9.0esr-1 + - thunderbird 1:78.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982 +CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused the WebG ...) 
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1} + - firefox 87.0-1 + - firefox-esr 78.9.0esr-1 + - thunderbird 1:78.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981 +CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False] + RESERVED + {DSA-4892-1 DLA-2620-1} + - python-bleach 3.2.1-2.1 (bug #986251) + NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399 + NOTE: https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e + NOTE: https://github.com/mozilla/bleach/commit/d398c89e54ced6b1039d3677689707456ba42dec +CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979 +CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...) + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} + - firefox 86.0-1 + - firefox-esr 78.8.0esr-1 + - thunderbird 1:78.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23978 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23978 +CVE-2021-23977 (Firefox for Android suffered from a time-of-check-time-of-use vulnerab ...) + - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23977 +CVE-2021-23976 (When accepting a malicious intent from other installed apps, Firefox f ...) 
+ - firefox <not-affected> (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23976 +CVE-2021-23975 (The developer page about:memory has a Measure function for exploring w ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975 +CVE-2021-23974 (The DOMParser API did not properly process '<noscript>' elements ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 +CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...) + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} + - firefox 86.0-1 + - firefox-esr 78.8.0esr-1 + - thunderbird 1:78.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23973 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23973 +CVE-2021-23972 (One phishing tactic on the web is to provide a link with HTTP Auth. Fo ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23972 +CVE-2021-23971 (When processing a redirect with a conflicting Referrer-Policy, Firefox ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23971 +CVE-2021-23970 (Context-specific code was included in a shared jump table; resulting i ...) + - firefox 86.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970 +CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...) 
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} + - firefox 86.0-1 + - firefox-esr 78.8.0esr-1 + - thunderbird 1:78.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23969 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969 +CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...) + {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1} + - firefox 86.0-1 + - firefox-esr 78.8.0esr-1 + - thunderbird 1:78.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968 +CVE-2021-23967 + RESERVED +CVE-2021-23966 + RESERVED +CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84. ...) + - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965 +CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...) + {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} + - firefox-esr 78.7.0esr-1 + - firefox 85.0-1 + - thunderbird 1:78.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23964 +CVE-2021-23963 (When sharing geolocation during an active WebRTC share, Firefox could ...) + - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23963 +CVE-2021-23962 (Incorrect use of the '<RowCountChanged>' method could have led t ...) 
+ - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962 +CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...) + {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1} + - firefox 85.0-1 + - firefox-esr 78.10.0esr-1 + - thunderbird 1:78.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23961 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961 +CVE-2021-23960 (Performing garbage collection on re-declared JavaScript variables resu ...) + {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} + - firefox-esr 78.7.0esr-1 + - firefox 85.0-1 + - thunderbird 1:78.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23960 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23960 +CVE-2021-23959 (An XSS bug in internal error pages could have led to various spoofing ...) + - firefox <not-affected> (Only affects Firefox for Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23959 +CVE-2021-23958 (The browser could have been confused into transferring a screen sharin ...) + - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23958 +CVE-2021-23957 (Navigations through the Android-specific `intent` URL scheme could hav ...) + - firefox <not-affected> (Only affects Firefox for Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23957 +CVE-2021-23956 (An ambiguous file picker design could have confused users who intended ...) 
+ - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23956 +CVE-2021-23955 (The browser could have been confused into transferring a pointer lock ...) + - firefox 85.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955 +CVE-2021-23954 (Using the new logical assignment operators in a JavaScript switch stat ...) + {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} + - firefox-esr 78.7.0esr-1 + - firefox 85.0-1 + - thunderbird 1:78.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23954 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954 +CVE-2021-23953 (If a user clicked into a specifically crafted PDF, the PDF reader coul ...) + {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1} + - firefox-esr 78.7.0esr-1 + - firefox 85.0-1 + - thunderbird 1:78.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953 +CVE-2021-23952 + RESERVED +CVE-2021-23951 + RESERVED +CVE-2021-23950 + RESERVED +CVE-2021-23949 + RESERVED +CVE-2021-23948 + RESERVED +CVE-2021-23947 + RESERVED +CVE-2021-23946 + RESERVED +CVE-2021-23945 + RESERVED +CVE-2021-23944 + RESERVED +CVE-2021-23943 + RESERVED +CVE-2021-23942 + RESERVED +CVE-2021-23941 + RESERVED +CVE-2021-23940 + RESERVED +CVE-2021-23939 + RESERVED +CVE-2021-23938 + RESERVED +CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...) + NOT-FOR-US: Apache Wicket +CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...) + NOT-FOR-US: Discourse +CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload feature of ...) 
+ NOT-FOR-US: XWiki +CVE-2021-3136 + RESERVED +CVE-2021-3135 (An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for Wor ...) + NOT-FOR-US: tagDiv Newspaper theme for WordPress +CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a task. ...) + NOT-FOR-US: OX App Suite +CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in which the ...) + NOT-FOR-US: OX App Suite +CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose name contai ...) + NOT-FOR-US: OX App Suite +CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a Note refere ...) + NOT-FOR-US: OX App Suite +CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image with a craf ...) + NOT-FOR-US: OX App Suite +CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary file. ...) + NOT-FOR-US: OX App Suite +CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the conversion API f ...) + NOT-FOR-US: OX App Suite +CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted Content-Dispositi ...) + NOT-FOR-US: OX App Suite +CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests que ...) + NOT-FOR-US: OX App Suite +CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character ...) + NOT-FOR-US: OX App Suite +CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...) + {DLA-2693-1} + - xmlbeans 3.0.2-1 + NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517 +CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + NOT-FOR-US: Devolutions Server +CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + NOT-FOR-US: Devolutions Server +CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is ...) 
+ NOT-FOR-US: Devolutions Server +CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is ...) + NOT-FOR-US: Devolutions Server +CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...) + NOT-FOR-US: Mubu +CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...) + NOT-FOR-US: Elementor Contact Form DB plugin for WordPress +CVE-2021-3132 + RESERVED +CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 enco ...) + NOT-FOR-US: 1C:Enterprise +CVE-2021-3130 (Within the Open-AudIT up to version 3.5.3 application, the web interfa ...) + NOT-FOR-US: Open-AudIT +CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...) + NOT-FOR-US: Ignition +CVE-2021-3128 (In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers ...) + NOT-FOR-US: ASUS +CVE-2021-23920 + RESERVED +CVE-2021-23919 + RESERVED +CVE-2021-23918 + RESERVED +CVE-2021-23917 + RESERVED +CVE-2021-23916 + RESERVED +CVE-2021-23915 + RESERVED +CVE-2021-23914 + RESERVED +CVE-2021-23913 + RESERVED +CVE-2021-23912 + RESERVED +CVE-2021-23911 + RESERVED +CVE-2021-23910 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...) + NOT-FOR-US: Mercedes-Benz HERMES +CVE-2021-23909 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...) + NOT-FOR-US: Mercedes-Benz HERMES +CVE-2021-23908 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) + NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles +CVE-2021-23907 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) + NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles +CVE-2021-23906 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...) 
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles +CVE-2021-23905 + RESERVED +CVE-2021-23904 + RESERVED +CVE-2021-23903 + RESERVED +CVE-2021-23902 + RESERVED +CVE-2021-23901 (An XML external entity (XXE) injection vulnerability was discovered in ...) + NOT-FOR-US: Apache Nutch +CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an ...) + NOT-FOR-US: OWASP json-sanitizer +CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDA ...) + NOT-FOR-US: OWASP json-sanitizer +CVE-2021-23898 + RESERVED +CVE-2021-23897 + REJECTED +CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...) + - rust-smallvec 1.4.2-2 (bug #984665) + [buster] - rust-smallvec <no-dsa> (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html + NOTE: https://github.com/servo/rust-smallvec/issues/252 +CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...) + NOT-FOR-US: nats-server +CVE-2021-3126 + RESERVED +CVE-2021-23896 (Cleartext Transmission of Sensitive Information vulnerability in the a ...) + NOT-FOR-US: McAfee +CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...) + NOT-FOR-US: McAfee +CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...) + NOT-FOR-US: McAfee +CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...) + NOT-FOR-US: McAfee +CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...) + NOT-FOR-US: McAfee +CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) + NOT-FOR-US: McAfee +CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...) + NOT-FOR-US: McAfee +CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) 
+ NOT-FOR-US: McAfee +CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...) + NOT-FOR-US: McAfee +CVE-2021-23887 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...) + NOT-FOR-US: McAfee +CVE-2021-23886 (Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) E ...) + NOT-FOR-US: McAfee +CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) + NOT-FOR-US: McAfee +CVE-2021-23884 (Cleartext Transmission of Sensitive Information vulnerability in the e ...) + NOT-FOR-US: McAfee +CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...) + NOT-FOR-US: McAfee +CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...) + NOT-FOR-US: McAfee +CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...) + NOT-FOR-US: McAfee +CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...) + NOT-FOR-US: McAfee +CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product Removal ...) + NOT-FOR-US: McAfee +CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...) + NOT-FOR-US: McAfee +CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...) + NOT-FOR-US: McAfee +CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...) + NOT-FOR-US: McAfee +CVE-2021-23875 + RESERVED +CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...) + NOT-FOR-US: McAfee +CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) + NOT-FOR-US: McAfee +CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...) 
+ NOT-FOR-US: McAfee +CVE-2021-23871 + RESERVED +CVE-2021-23870 + RESERVED +CVE-2021-23869 + RESERVED +CVE-2021-23868 + RESERVED +CVE-2021-23867 + RESERVED +CVE-2021-23866 + RESERVED +CVE-2021-23865 + RESERVED +CVE-2021-23864 + RESERVED +CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...) + NOT-FOR-US: Bosch +CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...) + NOT-FOR-US: Bosch +CVE-2021-23861 (By executing a special command, an user with administrative rights can ...) + NOT-FOR-US: Bosch +CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected cross si ...) + NOT-FOR-US: Bosch +CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP request, th ...) + NOT-FOR-US: Bosch +CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...) + NOT-FOR-US: Bosch +CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...) + NOT-FOR-US: Bosch +CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...) + NOT-FOR-US: Bosch +CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...) + NOT-FOR-US: Bosch +CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...) + NOT-FOR-US: Bosch +CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an ...) + NOT-FOR-US: Bosch +CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...) + NOT-FOR-US: Bosch +CVE-2021-23851 + RESERVED +CVE-2021-23850 + RESERVED +CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...) + NOT-FOR-US: Bosch IP cameras +CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...) + NOT-FOR-US: Bosch +CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...) 
+ NOT-FOR-US: Bosch +CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...) + NOT-FOR-US: Bosch +CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...) + NOT-FOR-US: Bosch +CVE-2021-23844 + RESERVED +CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...) + NOT-FOR-US: Bosch +CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...) + NOT-FOR-US: Bosch +CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) + {DSA-4855-1 DLA-2565-1 DLA-2563-1} + - openssl 1.1.1j-1 + - openssl1.0 <removed> + NOTE: https://www.openssl.org/news/secadv/20210216.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j) +CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...) + {DSA-4855-1 DLA-2565-1 DLA-2563-1} + - openssl 1.1.1j-1 + - openssl1.0 <removed> + NOTE: https://www.openssl.org/news/secadv/20210216.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j) +CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...) + - openssl 1.0.0d-1 + - openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded) + NOTE: https://www.openssl.org/news/secadv/20210216.txt + NOTE: SSL2 disabled since 1.0.0d-1 (1.0.0c-2 in experimental) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (OpenSSL_1_1_1j) +CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...) + NOT-FOR-US: flatCore CMS +CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...) + NOT-FOR-US: flatCore CMS +CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A stored X ...) 
+ NOT-FOR-US: flatCore CMS +CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...) + NOT-FOR-US: flatCore CMS +CVE-2021-3125 (In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 & ...) + NOT-FOR-US: TP-Link +CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...) + NOT-FOR-US: WordPress Plugin Custom Global Variables +CVE-2021-3123 + RESERVED +CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...) + NOT-FOR-US: CMCAgent in NCR Command Center Agent +CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...) + - golang-gogoprotobuf 1.3.2-1 + [buster] - golang-gogoprotobuf <no-dsa> (Minor issue) + [stretch] - golang-gogoprotobuf <no-dsa> (Minor issue) + NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc +CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...) + NOT-FOR-US: YITH WooCommerce Gift Cards Premium plugin for WordPress +CVE-2021-3119 (Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...) + - sqlcipher <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4 +CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...) + NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging) +CVE-2021-3117 + RESERVED +CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...) + NOT-FOR-US: proxy.py +CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...) 
+ - golang-1.15 1.15.7-1 + - golang-1.11 <removed> + [buster] - golang-1.11 <ignored> (Minor issue, only applies to inherently insecure setups) + - golang-1.8 <removed> + [stretch] - golang-1.8 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency) + - golang-1.7 <removed> + [stretch] - golang-1.7 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency) + NOTE: https://github.com/golang/go/issues/43783 + NOTE: https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master) + NOTE: https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7) + NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed + NOTE: explicitly in PATH and running 'go get' outside of a module or with module + NOTE: mode disabled. +CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...) + {DSA-4848-1 DLA-2592-1 DLA-2591-1} + - golang-1.15 1.15.7-1 + - golang-1.11 <removed> + - golang-1.8 <removed> + - golang-1.7 <removed> + NOTE: https://github.com/golang/go/issues/43786 + NOTE: https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871 (master) + NOTE: https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123 (1.15.7) +CVE-2021-23834 + RESERVED +CVE-2021-23833 + RESERVED +CVE-2021-23832 + RESERVED +CVE-2021-23831 + RESERVED +CVE-2021-23830 + RESERVED +CVE-2021-23829 + RESERVED +CVE-2021-23828 + RESERVED +CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...) + NOT-FOR-US: Keybase Desktop Client +CVE-2021-23826 + RESERVED +CVE-2021-23825 + RESERVED +CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...) + NOT-FOR-US: CrowCpp +CVE-2021-23823 + RESERVED +CVE-2021-23822 + RESERVED +CVE-2021-23821 + RESERVED +CVE-2021-23820 (This affects all versions of package json-pointer. A type confusion vu ...) 
+ NOT-FOR-US: Node json-pointer +CVE-2021-23819 + RESERVED +CVE-2021-23818 + RESERVED +CVE-2021-23817 + RESERVED +CVE-2021-23816 + RESERVED +CVE-2021-23815 + RESERVED +CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The ...) + NOT-FOR-US: Laravel Filemanager +CVE-2021-23813 + RESERVED +CVE-2021-23812 + RESERVED +CVE-2021-23811 + RESERVED +CVE-2021-23810 + RESERVED +CVE-2021-23809 + RESERVED +CVE-2021-23808 + RESERVED +CVE-2021-23807 (This affects the package jsonpointer before 5.0.0. A type confusion vu ...) + NOT-FOR-US: Node json-pointer +CVE-2021-23806 + RESERVED +CVE-2021-23805 + RESERVED +CVE-2021-23804 + RESERVED +CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to ...) + - php-nette <removed> + [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.) + NOTE: https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210 + NOTE: https://github.com/nette/latte/issues/279 +CVE-2021-23802 + RESERVED +CVE-2021-23801 + RESERVED +CVE-2021-23800 + RESERVED +CVE-2021-23799 + RESERVED +CVE-2021-23798 + RESERVED +CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...) + NOT-FOR-US: Node http-server +CVE-2021-23796 + RESERVED +CVE-2021-23795 + RESERVED +CVE-2021-23794 + RESERVED +CVE-2021-23793 + RESERVED +CVE-2021-23792 + RESERVED +CVE-2021-23791 + RESERVED +CVE-2021-23790 + RESERVED +CVE-2021-23789 + RESERVED +CVE-2021-23788 + RESERVED +CVE-2021-23787 + RESERVED +CVE-2021-23786 + RESERVED +CVE-2021-23785 + RESERVED +CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to the esc ...) 
+ NOT-FOR-US: tempura +CVE-2021-23783 + RESERVED +CVE-2021-23782 + RESERVED +CVE-2021-23781 + RESERVED +CVE-2021-23780 + RESERVED +CVE-2021-23779 + RESERVED +CVE-2021-23778 + RESERVED +CVE-2021-23777 + RESERVED +CVE-2021-23776 + RESERVED +CVE-2021-23775 + RESERVED +CVE-2021-23774 + RESERVED +CVE-2021-23773 + RESERVED +CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...) + NOT-FOR-US: iris Go web framework +CVE-2021-23771 + RESERVED +CVE-2021-23770 + RESERVED +CVE-2021-23769 + RESERVED +CVE-2021-23768 + RESERVED +CVE-2021-23767 + RESERVED +CVE-2021-23766 + RESERVED +CVE-2021-23765 + RESERVED +CVE-2021-23764 + RESERVED +CVE-2021-23763 + RESERVED +CVE-2021-23762 + RESERVED +CVE-2021-23761 + RESERVED +CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...) + NOT-FOR-US: Node keyget +CVE-2021-23759 + RESERVED +CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...) + NOT-FOR-US: ajaxpro +CVE-2021-23757 + RESERVED +CVE-2021-23756 + RESERVED +CVE-2021-23755 + RESERVED +CVE-2021-23754 + RESERVED +CVE-2021-23753 + RESERVED +CVE-2021-23752 + RESERVED +CVE-2021-23751 + RESERVED +CVE-2021-23750 + RESERVED +CVE-2021-23749 + RESERVED +CVE-2021-23748 + RESERVED +CVE-2021-23747 + RESERVED +CVE-2021-23746 + RESERVED +CVE-2021-23745 + RESERVED +CVE-2021-23744 + RESERVED +CVE-2021-23743 + RESERVED +CVE-2021-23742 + RESERVED +CVE-2021-23741 + RESERVED +CVE-2021-23740 + RESERVED +CVE-2021-23739 + RESERVED +CVE-2021-23738 + RESERVED +CVE-2021-23737 + RESERVED +CVE-2021-23736 + RESERVED +CVE-2021-23735 + RESERVED +CVE-2021-23734 + RESERVED +CVE-2021-23733 + RESERVED +CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...) + NOT-FOR-US: Node docker-cli-js +CVE-2021-23731 + RESERVED +CVE-2021-23730 + RESERVED +CVE-2021-23729 + RESERVED +CVE-2021-23728 + RESERVED +CVE-2021-23727 (This affects the package celery before 5.2.2. 
It by default trusts the ...) + - celery 5.2.3-1 + [bullseye] - celery <no-dsa> (Minor issue) + [buster] - celery <not-affected> (Vulnerable code not present) + [stretch] - celery <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/celery/celery/commit/5c3f1559df16c32fb8d82918b4497f688d42ad0a (v5.2.3) + NOTE: Introduced by: https://github.com/celery/celery/commit/d20b8a5d469c80f48468e251cbe6451c798d1c29 (4.4.0rc1) +CVE-2021-23726 + RESERVED +CVE-2021-23725 + RESERVED +CVE-2021-23724 + RESERVED +CVE-2021-23723 + RESERVED +CVE-2021-23722 + RESERVED +CVE-2021-23721 + RESERVED +CVE-2021-23720 + RESERVED +CVE-2021-23719 + RESERVED +CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...) + NOT-FOR-US: ssrf-agent +CVE-2021-23717 + RESERVED +CVE-2021-23716 + RESERVED +CVE-2021-23715 + RESERVED +CVE-2021-23714 + RESERVED +CVE-2021-23713 + RESERVED +CVE-2021-23712 + RESERVED +CVE-2021-23711 + RESERVED +CVE-2021-23710 + RESERVED +CVE-2021-23709 + RESERVED +CVE-2021-23708 + RESERVED +CVE-2021-23707 + RESERVED +CVE-2021-23706 + RESERVED +CVE-2021-23705 + RESERVED +CVE-2021-23704 + RESERVED +CVE-2021-23703 + RESERVED +CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...) + TODO: check +CVE-2021-23701 + RESERVED +CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...) + NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep). 
+CVE-2021-23699 + RESERVED +CVE-2021-23698 + RESERVED +CVE-2021-23697 + RESERVED +CVE-2021-23696 + RESERVED +CVE-2021-23695 + RESERVED +CVE-2021-23694 + RESERVED +CVE-2021-23693 + RESERVED +CVE-2021-23692 + RESERVED +CVE-2021-23691 + RESERVED +CVE-2021-23690 + RESERVED +CVE-2021-23689 + RESERVED +CVE-2021-23688 + RESERVED +CVE-2021-23687 + RESERVED +CVE-2021-23686 + RESERVED +CVE-2021-23685 + RESERVED +CVE-2021-23684 + RESERVED +CVE-2021-23683 + RESERVED +CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...) + NOT-FOR-US: litespeed.js +CVE-2021-23681 + RESERVED +CVE-2021-23680 + RESERVED +CVE-2021-23679 + RESERVED +CVE-2021-23678 + RESERVED +CVE-2021-23677 + RESERVED +CVE-2021-23676 + RESERVED +CVE-2021-23675 + RESERVED +CVE-2021-23674 + RESERVED +CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...) + NOT-FOR-US: Node pekeupload +CVE-2021-23672 + RESERVED +CVE-2021-23671 + RESERVED +CVE-2021-23670 + RESERVED +CVE-2021-23669 + RESERVED +CVE-2021-23668 + RESERVED +CVE-2021-23667 + RESERVED +CVE-2021-23666 + RESERVED +CVE-2021-23665 + RESERVED +CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...) + NOT-FOR-US: cors-proxy +CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...) + NOT-FOR-US: sey - Deprecated Simple JavaScript build tool +CVE-2021-23662 + RESERVED +CVE-2021-23661 + RESERVED +CVE-2021-23660 + RESERVED +CVE-2021-23659 + RESERVED +CVE-2021-23658 + RESERVED +CVE-2021-23657 + RESERVED +CVE-2021-23656 + RESERVED +CVE-2021-23655 + RESERVED +CVE-2021-23654 (This affects all versions of package html-to-csv. When there is a form ...) 
+ NOT-FOR-US: html-to-csv +CVE-2021-23653 + RESERVED +CVE-2021-23652 + RESERVED +CVE-2021-23651 + RESERVED +CVE-2021-23650 + RESERVED +CVE-2021-23649 + RESERVED +CVE-2021-23648 + RESERVED +CVE-2021-23647 + RESERVED +CVE-2021-23646 + RESERVED +CVE-2021-23645 + RESERVED +CVE-2021-23644 + RESERVED +CVE-2021-23643 + RESERVED +CVE-2021-23642 + RESERVED +CVE-2021-23641 + RESERVED +CVE-2021-23640 + RESERVED +CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...) + NOT-FOR-US: Node md-to-pdf +CVE-2021-23638 + RESERVED +CVE-2021-23637 + RESERVED +CVE-2021-23636 + RESERVED +CVE-2021-23635 + RESERVED +CVE-2021-23634 + RESERVED +CVE-2021-23633 + RESERVED +CVE-2021-23632 + RESERVED +CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...) + NOT-FOR-US: Node convert-svg +CVE-2021-23630 + RESERVED +CVE-2021-23629 + RESERVED +CVE-2021-23628 + RESERVED +CVE-2021-23627 + RESERVED +CVE-2021-23626 + RESERVED +CVE-2021-23625 + RESERVED +CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion vulnerab ...) + NOT-FOR-US: Node dotty +CVE-2021-23623 + RESERVED +CVE-2021-23622 + RESERVED +CVE-2021-23621 + RESERVED +CVE-2021-23620 + RESERVED +CVE-2021-23619 + RESERVED +CVE-2021-23618 + RESERVED +CVE-2021-23617 + RESERVED +CVE-2021-23616 + RESERVED +CVE-2021-23615 + RESERVED +CVE-2021-23614 + RESERVED +CVE-2021-23613 + RESERVED +CVE-2021-23612 + RESERVED +CVE-2021-23611 + RESERVED +CVE-2021-23610 + RESERVED +CVE-2021-23609 + RESERVED +CVE-2021-23608 + RESERVED +CVE-2021-23607 + RESERVED +CVE-2021-23606 + RESERVED +CVE-2021-23605 + RESERVED +CVE-2021-23604 + RESERVED +CVE-2021-23603 + RESERVED +CVE-2021-23602 + RESERVED +CVE-2021-23601 + RESERVED +CVE-2021-23600 + RESERVED +CVE-2021-23599 + RESERVED +CVE-2021-23598 + RESERVED +CVE-2021-23597 (This affects the package fastify-multipart before 5.3.1. By providing ...) 
+ NOT-FOR-US: Node fastify +CVE-2021-23596 + RESERVED +CVE-2021-23595 + RESERVED +CVE-2021-23594 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...) + NOT-FOR-US: realms-shim +CVE-2021-23593 + RESERVED +CVE-2021-23592 + RESERVED +CVE-2021-23591 + RESERVED +CVE-2021-23590 + RESERVED +CVE-2021-23589 + RESERVED +CVE-2021-23588 + RESERVED +CVE-2021-23587 + RESERVED +CVE-2021-23586 + RESERVED +CVE-2021-23585 + RESERVED +CVE-2021-23584 + RESERVED +CVE-2021-23583 + RESERVED +CVE-2021-23582 + RESERVED +CVE-2021-23581 + RESERVED +CVE-2021-23580 + RESERVED +CVE-2021-23579 + RESERVED +CVE-2021-23578 + RESERVED +CVE-2021-23577 + RESERVED +CVE-2021-23576 + RESERVED +CVE-2021-23575 + RESERVED +CVE-2021-23574 (All versions of package js-data are vulnerable to Prototype Pollution ...) + NOT-FOR-US: Node js-data +CVE-2021-23573 + RESERVED +CVE-2021-23572 + RESERVED +CVE-2021-23571 + RESERVED +CVE-2021-23570 + RESERVED +CVE-2021-23569 + RESERVED +CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...) + NOT-FOR-US: extend2 (fork of node-extend which is not affected) +CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...) + - colors.js <not-affected> (Vulnerable code never in a released Debian version) + NOTE: https://github.com/Marak/colors.js/issues/285 + NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6 +CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...) + NOT-FOR-US: Node nanoid (NaN0-1D) +CVE-2021-23565 + RESERVED +CVE-2021-23564 + RESERVED +CVE-2021-23563 + RESERVED +CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...) + NOT-FOR-US: Node plupload +CVE-2021-23561 (All versions of package comb are vulnerable to Prototype Pollution via ...) 
+ NOT-FOR-US: Node comb +CVE-2021-23560 + RESERVED +CVE-2021-23559 + RESERVED +CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution ...) + NOT-FOR-US: Node bmoor +CVE-2021-23557 + RESERVED +CVE-2021-23556 + RESERVED +CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...) + NOT-FOR-US: Node vm2 +CVE-2021-23554 + RESERVED +CVE-2021-23553 + RESERVED +CVE-2021-23552 + RESERVED +CVE-2021-23551 + RESERVED +CVE-2021-23550 + RESERVED +CVE-2021-23549 + RESERVED +CVE-2021-23548 + RESERVED +CVE-2021-23547 + RESERVED +CVE-2021-23546 + RESERVED +CVE-2021-23545 + RESERVED +CVE-2021-23544 + RESERVED +CVE-2021-23543 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...) + NOT-FOR-US: realms-shim +CVE-2021-23542 + RESERVED +CVE-2021-23541 + RESERVED +CVE-2021-23540 + RESERVED +CVE-2021-23539 + RESERVED +CVE-2021-23538 + RESERVED +CVE-2021-23537 + RESERVED +CVE-2021-23536 + RESERVED +CVE-2021-23535 + RESERVED +CVE-2021-23534 + RESERVED +CVE-2021-23533 + RESERVED +CVE-2021-23532 + RESERVED +CVE-2021-23531 + RESERVED +CVE-2021-23530 + RESERVED +CVE-2021-23529 + RESERVED +CVE-2021-23528 + RESERVED +CVE-2021-23527 + RESERVED +CVE-2021-23526 + RESERVED +CVE-2021-23525 + RESERVED +CVE-2021-23524 + RESERVED +CVE-2021-23523 + RESERVED +CVE-2021-23522 + RESERVED +CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...) + - juce 6.1.5~ds0-1 + [bullseye] - juce <no-dsa> (Minor issue) + [buster] - juce <no-dsa> (Minor issue) + [stretch] - juce <no-dsa> (Minor issue) + NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f + NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608 +CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...) 
+ - juce 6.1.5~ds0-1 + [bullseye] - juce <no-dsa> (Minor issue) + [buster] - juce <no-dsa> (Minor issue) + [stretch] - juce <no-dsa> (Minor issue) + NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f + NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607 + NOTE: https://snyk.io/research/zip-slip-vulnerability +CVE-2021-23519 + RESERVED +CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...) + - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338) + [bullseye] - node-cached-path-relative <no-dsa> (Minor issue) + [buster] - node-cached-path-relative <no-dsa> (Minor issue) + NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760 + NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 + NOTE: which was CVE-2018-16472. +CVE-2021-23517 + RESERVED +CVE-2021-23516 + RESERVED +CVE-2021-23515 + RESERVED +CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...) + NOT-FOR-US: CrowCpp +CVE-2021-23513 + RESERVED +CVE-2021-23512 + RESERVED +CVE-2021-23511 + RESERVED +CVE-2021-23510 + RESERVED +CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion vulne ...) + NOT-FOR-US: Node json-ptr +CVE-2021-23508 + RESERVED +CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...) + NOT-FOR-US: Node object-path-set +CVE-2021-23506 + RESERVED +CVE-2021-23505 + RESERVED +CVE-2021-23504 + RESERVED +CVE-2021-23503 + RESERVED +CVE-2021-23502 + RESERVED +CVE-2021-23501 + RESERVED +CVE-2021-23500 + RESERVED +CVE-2021-23499 + RESERVED +CVE-2021-23498 + RESERVED +CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...) 
+ NOT-FOR-US: Node strikeentco/set +CVE-2021-23496 + RESERVED +CVE-2021-23495 + RESERVED +CVE-2021-23494 + RESERVED +CVE-2021-23493 + RESERVED +CVE-2021-23492 + RESERVED +CVE-2021-23491 + RESERVED +CVE-2021-23490 (The package parse-link-header before 2.0.0 are vulnerable to Regular E ...) + NOT-FOR-US: parse-link-header +CVE-2021-23489 + RESERVED +CVE-2021-23488 + RESERVED +CVE-2021-23487 + RESERVED +CVE-2021-23486 + RESERVED +CVE-2021-23485 + RESERVED +CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...) + NOT-FOR-US: zip-local +CVE-2021-23483 + RESERVED +CVE-2021-23482 + RESERVED +CVE-2021-23481 + RESERVED +CVE-2021-23480 + RESERVED +CVE-2021-23479 + RESERVED +CVE-2021-23478 + RESERVED +CVE-2021-23477 + RESERVED +CVE-2021-23476 + RESERVED +CVE-2021-23475 + RESERVED +CVE-2021-23474 + RESERVED +CVE-2021-23473 + RESERVED +CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table. A type ...) + NOT-FOR-US: bootstrap-table + NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941 +CVE-2021-23471 + RESERVED +CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...) + NOT-FOR-US: Node putil-merge +CVE-2021-23469 + RESERVED +CVE-2021-23468 + RESERVED +CVE-2021-23467 + RESERVED +CVE-2021-23466 + RESERVED +CVE-2021-23465 + RESERVED +CVE-2021-23464 + RESERVED +CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...) 
+ - h2database <not-affected> (vulnerable method is not supported; vulnerable code introduced in 1.4.198) + NOTE: https://github.com/h2database/h2database/issues/3195 + NOTE: https://github.com/h2database/h2database/pull/3199 + NOTE: Introduced in: https://github.com/h2database/h2database/commit/1cfd2ffad975b31de3f20711bab19a121bfad20c (version-1.4.198) + NOTE: Fixed by: https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8 (version-2.0.202) +CVE-2021-23462 + RESERVED +CVE-2021-23461 + RESERVED +CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...) + NOT-FOR-US: bpmn.io min-dash +CVE-2021-23459 + RESERVED +CVE-2021-23458 + RESERVED +CVE-2021-23457 + RESERVED +CVE-2021-23456 + RESERVED +CVE-2021-23455 + RESERVED +CVE-2021-23454 + RESERVED +CVE-2021-23453 + RESERVED +CVE-2021-23452 (This affects all versions of package x-assign. The global proto object ...) + NOT-FOR-US: x-assign JS +CVE-2021-23451 + RESERVED +CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...) + - dojo <unfixed> + NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7 + NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9 +CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...) + NOT-FOR-US: vm2 JS + NOTE: https://github.com/patriksimek/vm2 +CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...) + NOT-FOR-US: config-handler JS +CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...) + NOT-FOR-US: teddy templating engine +CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...) + NOT-FOR-US: Node handsontable +CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...) 
+ - datatables.js 1.10.21+dfsg-3 (bug #995229) + [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1 + [buster] - datatables.js <no-dsa> (Minor issue) + [stretch] - datatables.js <no-dsa> (Minor issue) + NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3) +CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...) + NOT-FOR-US: Node jointjs +CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...) + NOT-FOR-US: Node edge.js +CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...) + NOT-FOR-US: Node @cookiex/deep +CVE-2021-23441 + REJECTED +CVE-2021-23440 (This affects the package set-value before <2.0.1, >=3.0.0 <4. ...) + - node-set-value 3.0.1-3 (bug #994448) + [bullseye] - node-set-value 3.0.1-2+deb11u1 + [buster] - node-set-value <no-dsa> (Minor issue) + [stretch] - node-set-value <no-dsa> (Minor issue) + NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1) + NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a + NOTE: https://github.com/jonschlinkert/set-value/pull/33 +CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. A file ...) + NOT-FOR-US: Node file-upload-with-preview +CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...) + NOT-FOR-US: Node mpath +CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...) + - pillow 8.3.2-1 + [bullseye] - pillow <no-dsa> (Minor issue) + [buster] - pillow <no-dsa> (Minor issue) + [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA) + NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b + NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 +CVE-2021-23436 (This affects the package immer before 9.0.6. 
A type confusion vulnerab ...) + NOT-FOR-US: Node immer +CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerability can ...) + NOT-FOR-US: Rails clearance gem +CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...) + - node-object-path 0.11.7-1 + [bullseye] - node-object-path 0.11.5-3+deb11u1 + [buster] - node-object-path <no-dsa> (Minor issue) + [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 + NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb +CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...) + NOT-FOR-US: Node algoliasearch-helper +CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...) + NOT-FOR-US: Node mootools +CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...) + NOT-FOR-US: Node joplin +CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...) + NOT-FOR-US: Node startserver +CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service ...) + NOT-FOR-US: Node transpile +CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The Path.Combin ...) + NOT-FOR-US: elFinder.NetCore +CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The ExtractAsyn ...) + NOT-FOR-US: elFinder.NetCore +CVE-2021-23426 (This affects all versions of package Proto. It is possible to inject p ...) + NOT-FOR-US: Node proto +CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...) + NOT-FOR-US: Node trim-off-newlines +CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...) + NOT-FOR-US: Node ansi-html +CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...) 
+ NOT-FOR-US: Bikeshed +CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...) + NOT-FOR-US: Bikeshed +CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...) + NOT-FOR-US: Node merge-change +CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...) + NOT-FOR-US: codeception +CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...) + NOT-FOR-US: Node open-graph +CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...) + - glances <unfixed> + [bullseye] - glances <no-dsa> (Minor issue) + [buster] - glances <no-dsa> (Minor issue) + [stretch] - glances <no-dsa> (Minor issue) + NOTE: https://github.com/nicolargo/glances/issues/1025 + NOTE: https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94 + NOTE: https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a + NOTE: https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32 +CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...) + NOT-FOR-US: Node deepmergefn +CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...) + NOT-FOR-US: curly-bracket-parser +CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...) + NOT-FOR-US: elFinder.AspNet +CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of ...) + NOT-FOR-US: video.js +CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...) + - node-jszip 3.5.0+dfsg-2 + [buster] - node-jszip 3.1.4+dfsg-1+deb10u1 + NOTE: https://github.com/Stuk/jszip/pull/766 + NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36 +CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...) 
+ NOT-FOR-US: Node gitlogplus +CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site Scripti ...) + NOT-FOR-US: Node anchorme +CVE-2021-23410 + REJECTED +CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...) + - golang-github-pires-go-proxyproto <unfixed> (bug #991498) + [bullseye] - golang-github-pires-go-proxyproto <no-dsa> (Minor issue) + NOTE: https://github.com/pires/go-proxyproto/issues/65 + NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439 + NOTE: https://github.com/pires/go-proxyproto/pull/74 +CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle before ...) + NOT-FOR-US: com.graphhopper:graphhopper-web-bundle +CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...) + NOT-FOR-US: elFinder.Net.Core +CVE-2021-23406 (This affects the package pac-resolver before 5.0.0. This can occur whe ...) + NOT-FOR-US: Node pac-resolver +CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...) + NOT-FOR-US: Pimcore +CVE-2021-23404 (This affects all versions of package sqlite-web. The SQL dashboard are ...) + NOT-FOR-US: sqlite-web +CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...) + NOT-FOR-US: Node ts-nodash +CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...) + NOT-FOR-US: Node record-like-deep-assign +CVE-2021-23401 (This affects all versions of package Flask-User. When using the make_s ...) + NOT-FOR-US: Flask-User +CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...) 
+ - node-nodemailer 6.4.17-3 (bug #990485) + NOTE: https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f + NOTE: https://github.com/nodemailer/nodemailer/issues/1289 + NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 +CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...) + NOT-FOR-US: wincred +CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...) + NOT-FOR-US: react-bootstrap-table +CVE-2021-23397 + RESERVED +CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...) + NOT-FOR-US: Node lutils +CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...) + NOT-FOR-US: Node nedb +CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote ...) + NOT-FOR-US: studio-42/elfinder +CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the ...) + NOT-FOR-US: Flask-unchained +CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...) + NOT-FOR-US: Node locutus +CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...) + NOT-FOR-US: Node calipso +CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...) + NOT-FOR-US: Node total4 +CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...) + NOT-FOR-US: Node total4 +CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...) + NOT-FOR-US: Node forms +CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...) + NOT-FOR-US: Node trailing-slash +CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...) + NOT-FOR-US: Node dns-packet +CVE-2021-23385 + RESERVED +CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...) 
+ NOT-FOR-US: Node koa-remove-trailing-slashes before +CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...) + - node-handlebars 3:4.7.6+~4.1.0-2 + [buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release) + - libjs-handlebars <removed> + [stretch] - libjs-handlebars <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 + NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 +CVE-2021-23382 (The package postcss before 8.2.13 are vulnerable to Regular Expression ...) + - node-postcss 8.2.1+~cs5.3.23-7 + [buster] - node-postcss <no-dsa> (Minor issue) + NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 + NOTE: https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13) +CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...) + NOT-FOR-US: Node killing +CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...) + NOT-FOR-US: Node roar-pidusage +CVE-2021-23379 (This affects all versions of package portkiller. If (attacker-controll ...) + NOT-FOR-US: Node portkiller +CVE-2021-23378 (This affects all versions of package picotts. If attacker-controlled u ...) + NOT-FOR-US: Node picotts +CVE-2021-23377 (This affects all versions of package onion-oled-js. If attacker-contro ...) + NOT-FOR-US: Node onion-oled-js +CVE-2021-23376 (This affects all versions of package ffmpegdotjs. If attacker-controll ...) + NOT-FOR-US: Node ffmpegdotjs +CVE-2021-23375 (This affects all versions of package psnode. If attacker-controlled us ...) + NOT-FOR-US: Node psnode +CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...) + NOT-FOR-US: Node ps-visitor +CVE-2021-23373 + RESERVED +CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...) 
+ NOT-FOR-US: mongo-express +CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...) + NOT-FOR-US: Node chrono-node +CVE-2021-23370 (This affects the package swiper before 6.5.1. ...) + NOT-FOR-US: swiper +CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...) + - node-handlebars 3:4.7.6+~4.1.0-2 + [buster] - node-handlebars 3:4.1.0-1+deb10u3 + - libjs-handlebars <removed> + [stretch] - libjs-handlebars <ignored> (Minor issue and too intrusive to backport) + NOTE: https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 + NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 + NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 +CVE-2021-23368 (The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Reg ...) + - node-postcss 8.2.1+~cs5.3.23-6 + [buster] - node-postcss <not-affected> (Vulnerable code not present) + NOTE: https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4 + NOTE: https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5 + NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595 +CVE-2021-23367 + RESERVED +CVE-2021-23366 + RESERVED +CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...) + NOT-FOR-US: tyk-identity-broker +CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...) + - node-browserslist 4.16.3+~cs5.4.72-2 (bug #987792) + [buster] - node-browserslist <ignored> (Minor issue; risky backport with regression potential) + NOTE: https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98 + NOTE: https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 + NOTE: https://github.com/browserslist/browserslist/pull/593 +CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...) 
+ NOT-FOR-US: Node kill-by-port +CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...) + - node-hosted-git-info 3.0.8-1 + [buster] - node-hosted-git-info 2.7.1-1+deb10u1 + [stretch] - node-hosted-git-info <not-affected> (Vulnerable code introduced later) + NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3 + NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 +CVE-2021-23361 + REJECTED +CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...) + NOT-FOR-US: Node killport +CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...) + NOT-FOR-US: Node port-killer +CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...) + {DSA-4883-1 DLA-2613-1} + - underscore 1.9.1~dfsg-2 (bug #986171) + NOTE: https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 +CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...) + NOT-FOR-US: tyk/gateway +CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...) + NOT-FOR-US: Node kill-process-by-name +CVE-2021-23355 (This affects all versions of package ps-kill. If (attacker-controlled) ...) + NOT-FOR-US: Node ps-kill +CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...) + NOT-FOR-US: Node printf +CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...) + NOT-FOR-US: Node jspdf +CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...) + NOT-FOR-US: Node madge +CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...) 
+ - golang-github-pires-go-proxyproto 0.4.2-1 (bug #985025) + NOTE: https://github.com/pires/go-proxyproto/issues/69 + NOTE: https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b + NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577 +CVE-2021-23350 + RESERVED +CVE-2021-23349 + RESERVED +CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If (attacker-cont ...) + NOT-FOR-US: Node portprocesses +CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...) + NOT-FOR-US: argo-cd +CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...) + NOT-FOR-US: html-parse-stringify +CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...) + NOT-FOR-US: gotenberg +CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...) + NOT-FOR-US: total.js +CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...) + NOT-FOR-US: Node path-parse +CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...) + NOT-FOR-US: docsify +CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...) + - node-prismjs 1.23.0+dfsg-1 (bug #985109) + NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 (v1.23.0) + NOTE: https://github.com/PrismJS/prism/pull/2584 + NOTE: https://github.com/PrismJS/prism/issues/2583 +CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...) + NOT-FOR-US: Pimcore +CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of ...) + NOT-FOR-US: com.typesafe.akka:akka-http-core +CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) + NOT-FOR-US: qlib +CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ...) 
+ - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086) + [buster] - node-lodash <no-dsa> (Minor issue) + [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 +CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) + {DLA-2628-1 DLA-2619-1 DLA-2569-1} + - python-django 2:2.2.19-1 (bug #983090) + [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release) + - python3.9 3.9.2-1 + - python3.8 <removed> + - python3.7 <removed> + [buster] - python3.7 <no-dsa> (Minor issue) + - python3.5 <removed> + - python2.7 <unfixed> + [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support) + [buster] - python2.7 <no-dsa> (Minor issue) + - pypy3 7.3.3+dfsg-3 + [buster] - pypy3 <no-dsa> (Minor issue) + NOTE: https://github.com/python/cpython/pull/24297 + NOTE: https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master) + NOTE: https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 (3.9) + NOTE: https://github.com/python/cpython/commit/d0d4d30882fe3ab9b1badbecf5d15d94326fd13e (3.7) + NOTE: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ +CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...) + NOT-FOR-US: Node is-user-valid +CVE-2021-23334 + REJECTED +CVE-2021-23333 + RESERVED +CVE-2021-23332 + RESERVED +CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...) + NOT-FOR-US: com.squareup:connect +CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...) + NOT-FOR-US: Node launchpad +CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...) + NOT-FOR-US: Node nested-object-assign +CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...) 
+ NOT-FOR-US: Node iniparserjs +CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...) + NOT-FOR-US: apexcharts +CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...) + NOT-FOR-US: graphql-tools/git-loader +CVE-2021-23325 + RESERVED +CVE-2021-23324 + RESERVED +CVE-2021-23323 + RESERVED +CVE-2021-23322 + RESERVED +CVE-2021-23321 + RESERVED +CVE-2021-23320 + RESERVED +CVE-2021-23319 + RESERVED +CVE-2021-23318 + RESERVED +CVE-2021-23317 + RESERVED +CVE-2021-23316 + RESERVED +CVE-2021-23315 + RESERVED +CVE-2021-23314 + RESERVED +CVE-2021-23313 + RESERVED +CVE-2021-23312 + RESERVED +CVE-2021-23311 + RESERVED +CVE-2021-23310 + RESERVED +CVE-2021-23309 + RESERVED +CVE-2021-23308 + RESERVED +CVE-2021-23307 + RESERVED +CVE-2021-23306 + RESERVED +CVE-2021-23305 + RESERVED +CVE-2021-23304 + RESERVED +CVE-2021-23303 + RESERVED +CVE-2021-23302 + RESERVED +CVE-2021-23301 + RESERVED +CVE-2021-23300 + RESERVED +CVE-2021-23299 + RESERVED +CVE-2021-23298 + RESERVED +CVE-2021-23297 + RESERVED +CVE-2021-23296 + RESERVED +CVE-2021-23295 + RESERVED +CVE-2021-23294 + RESERVED +CVE-2021-23293 + RESERVED +CVE-2021-23292 + RESERVED +CVE-2021-23291 + RESERVED +CVE-2021-23290 + RESERVED +CVE-2021-23289 + RESERVED +CVE-2021-23288 + RESERVED +CVE-2021-23287 + RESERVED +CVE-2021-23286 + RESERVED +CVE-2021-23285 + RESERVED +CVE-2021-23284 + RESERVED +CVE-2021-23283 + RESERVED +CVE-2021-23282 + RESERVED +CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) + NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) 
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...) + NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...) + NOT-FOR-US: Eaton Intelligent Power Manager (IPM) +CVE-2021-23275 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...) + NOT-FOR-US: TIBCO +CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...) + NOT-FOR-US: TIBCO +CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) + NOT-FOR-US: TIBCO +CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...) + NOT-FOR-US: TIBCO +CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...) + NOT-FOR-US: TIBCO +CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...) + NOT-FOR-US: Netsia SEBA+ +CVE-2021-23270 (In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur tha ...) + NOT-FOR-US: Gargoyle OS +CVE-2021-23269 + RESERVED +CVE-2021-23268 + RESERVED +CVE-2021-23267 + RESERVED +CVE-2021-23266 + RESERVED +CVE-2021-23265 + RESERVED +CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...) 
+ NOT-FOR-US: Crafter CMS +CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...) + NOT-FOR-US: Crafter CMS +CVE-2021-23257 + RESERVED +CVE-2021-23256 + RESERVED +CVE-2021-23255 + RESERVED +CVE-2021-23254 + RESERVED +CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in the add ...) + NOT-FOR-US: Opera Mini for Android +CVE-2021-23252 + RESERVED +CVE-2021-23251 + RESERVED +CVE-2021-23250 + RESERVED +CVE-2021-23249 + RESERVED +CVE-2021-23248 + RESERVED +CVE-2021-23247 + RESERVED +CVE-2021-23246 + RESERVED +CVE-2021-23245 + RESERVED +CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...) + NOT-FOR-US: OPPO Android Phone +CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...) + NOT-FOR-US: OPPO Android Phone +CVE-2021-3112 + RESERVED +CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...) + NOT-FOR-US: Concrete5 +CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...) + NOT-FOR-US: PrestaShop +CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...) + NOT-FOR-US: SolarWinds +CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) + NOT-FOR-US: MERCUSYS Mercury X18G devices +CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...) + NOT-FOR-US: MERCUSYS Mercury X18G devices +CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ...) + - sudo 1.9.5-1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2 + NOTE: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a + NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html + NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1) +CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...) 
+ - sudo 1.9.5-1 + [buster] - sudo <no-dsa> (Minor issue) + [stretch] - sudo <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2 + NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02 +CVE-2021-3108 + RESERVED +CVE-2021-3107 + RESERVED +CVE-2021-3106 + RESERVED +CVE-2021-23238 + RESERVED +CVE-2021-23237 + RESERVED +CVE-2021-3105 + RESERVED +CVE-2021-3104 + RESERVED +CVE-2021-3103 + RESERVED +CVE-2021-3102 + RESERVED +CVE-2021-3101 + RESERVED +CVE-2021-3100 + RESERVED +CVE-2021-3099 + RESERVED +CVE-2021-3098 + RESERVED +CVE-2021-3097 + RESERVED +CVE-2021-3096 + RESERVED +CVE-2021-3095 + REJECTED +CVE-2021-3094 + RESERVED +CVE-2021-3093 + RESERVED +CVE-2021-3092 + RESERVED +CVE-2021-3091 + RESERVED +CVE-2021-3090 + REJECTED +CVE-2021-3089 + RESERVED +CVE-2021-3088 + RESERVED +CVE-2021-3087 + RESERVED +CVE-2021-3086 + RESERVED +CVE-2021-3085 + RESERVED +CVE-2021-3084 + RESERVED +CVE-2021-3083 + RESERVED +CVE-2021-3082 + RESERVED +CVE-2021-3081 + RESERVED +CVE-2021-3080 + RESERVED +CVE-2021-3079 + RESERVED +CVE-2021-3078 + RESERVED +CVE-2021-3077 + RESERVED +CVE-2021-3076 + RESERVED +CVE-2021-3075 + RESERVED +CVE-2021-3074 + RESERVED +CVE-2021-3073 + RESERVED +CVE-2021-3072 + RESERVED +CVE-2021-3071 + RESERVED +CVE-2021-3070 + RESERVED +CVE-2021-3069 + RESERVED +CVE-2021-3068 + RESERVED +CVE-2021-3067 + RESERVED +CVE-2021-3066 + RESERVED +CVE-2021-3065 + RESERVED +CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...) 
+ NOT-FOR-US: Palo Alto Networks +CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3053 (An improper handling of exceptional conditions vulnerability exists in ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the Palo Alto ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3051 (An improper verification of cryptographic signature vulnerability exis ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto Networks Cort ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3046 (An improper authentication vulnerability exists in Palo Alto Networks ...) 
+ NOT-FOR-US: Palo Alto Networks +CVE-2021-3045 (An OS command argument injection vulnerability in the Palo Alto Networ ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...) + NOT-FOR-US: Prisma Cloud Compute web console (Palo Alto Networks) +CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...) + NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks) +CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...) + NOT-FOR-US: Palo Alto Networks +CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...) 
+ NOT-FOR-US: Palo Alto Networks +CVE-2021-3030 + RESERVED +CVE-2021-23234 + RESERVED +CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...) + NOT-FOR-US: Argo CD +CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4 +CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f + NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2 +CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...) + NOT-FOR-US: Joomla! +CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...) + NOT-FOR-US: Joomla! +CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + NOT-FOR-US: Joomla! +CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...) + NOT-FOR-US: Joomla! +CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...) + NOT-FOR-US: Joomla! +CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...) + NOT-FOR-US: Joomla! +CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...) + NOT-FOR-US: Joomla! +CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...) + NOT-FOR-US: Joomla! +CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...) + NOT-FOR-US: Joomla! +CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of A ...) + NOT-FOR-US: Joomla! 
+CVE-2021-23122 + RESERVED +CVE-2021-23121 + RESERVED +CVE-2021-23120 + RESERVED +CVE-2021-23119 + RESERVED +CVE-2021-23118 + RESERVED +CVE-2021-23117 + RESERVED +CVE-2021-23116 + RESERVED +CVE-2021-23115 + RESERVED +CVE-2021-23114 + RESERVED +CVE-2021-23113 + RESERVED +CVE-2021-23112 + RESERVED +CVE-2021-23111 + RESERVED +CVE-2021-23110 + RESERVED +CVE-2021-23109 + RESERVED +CVE-2021-23108 + RESERVED +CVE-2021-23107 + RESERVED +CVE-2021-23106 + RESERVED +CVE-2021-23105 + RESERVED +CVE-2021-23104 + RESERVED +CVE-2021-23103 + RESERVED +CVE-2021-23102 + RESERVED +CVE-2021-23101 + RESERVED +CVE-2021-23100 + RESERVED +CVE-2021-23099 + RESERVED +CVE-2021-23098 + RESERVED +CVE-2021-23097 + RESERVED +CVE-2021-23096 + RESERVED +CVE-2021-23095 + RESERVED +CVE-2021-23094 + RESERVED +CVE-2021-23093 + RESERVED +CVE-2021-23092 + RESERVED +CVE-2021-23091 + RESERVED +CVE-2021-23090 + RESERVED +CVE-2021-23089 + RESERVED +CVE-2021-23088 + RESERVED +CVE-2021-23087 + RESERVED +CVE-2021-23086 + RESERVED +CVE-2021-23085 + RESERVED +CVE-2021-23084 + RESERVED +CVE-2021-23083 + RESERVED +CVE-2021-23082 + RESERVED +CVE-2021-23081 + RESERVED +CVE-2021-23080 + RESERVED +CVE-2021-23079 + RESERVED +CVE-2021-23078 + RESERVED +CVE-2021-23077 + RESERVED +CVE-2021-23076 + RESERVED +CVE-2021-23075 + RESERVED +CVE-2021-23074 + RESERVED +CVE-2021-23073 + RESERVED +CVE-2021-23072 + RESERVED +CVE-2021-23071 + RESERVED +CVE-2021-23070 + RESERVED +CVE-2021-23069 + RESERVED +CVE-2021-23068 + RESERVED +CVE-2021-23067 + RESERVED +CVE-2021-23066 + RESERVED +CVE-2021-23065 + RESERVED +CVE-2021-23064 + RESERVED +CVE-2021-23063 + RESERVED +CVE-2021-23062 + RESERVED +CVE-2021-23061 + RESERVED +CVE-2021-23060 + RESERVED +CVE-2021-23059 + RESERVED +CVE-2021-23058 + RESERVED +CVE-2021-23057 + RESERVED +CVE-2021-23056 + RESERVED +CVE-2021-23055 + RESERVED +CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Develo ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, whe ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a configura ...) + NOT-FOR-US: F5 +CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x b ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe prof ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured o ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23030 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23029 (On version 16.0.x before 16.0.1.2, insufficient permission checks may ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23028 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23027 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23026 (BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x be ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23025 (On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x befo ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...) + NOT-FOR-US: F5 +CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...) + NOT-FOR-US: NGINX Controller +CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...) 
+ NOT-FOR-US: NGINX Controller +CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administra ...) + NOT-FOR-US: NGINX Controller +CVE-2021-23018 (Intra-cluster communication does not use TLS. The services within the ...) + NOT-FOR-US: NGINX Controller +CVE-2021-23017 (A security issue in nginx resolver was identified, which might allow a ...) + {DSA-4921-1 DLA-2670-1} + - nginx 1.18.0-6.1 (bug #989095) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5 + NOTE: Patch: http://nginx.org/download/patch.2021.resolver.txt + NOTE: Fixed by: https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf (1.20.1) +CVE-2021-23016 (On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23015 (On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 throu ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23014 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x b ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23013 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23012 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23011 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x befor ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23010 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x befor ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23009 (On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, mal ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23008 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Mi ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2021-23005 (On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum devi ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23004 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23003 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23002 (When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23001 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x bef ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-23000 (On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22999 (On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22998 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22997 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22996 (On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22995 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22994 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22993 (On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22992 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22991 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22990 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22989 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2021-22988 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22987 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22986 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2021-22972 + RESERVED +CVE-2021-22971 + RESERVED +CVE-2021-22970 (Concrete CMS (formerly concrete5) versions 8.5.6 and below and version ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22969 (Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF miti ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22968 (A bypass of adding remote files in Concrete CMS (previously concrete5) ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22967 (In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthe ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22966 (Privilege escalation from Editor to Admin using Groups in Concrete CMS ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22965 (A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version >= ...) + NOT-FOR-US: fastify-static +CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2 ...) + NOT-FOR-US: fastify-static +CVE-2021-22962 + RESERVED +CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...) + NOT-FOR-US: GlassWire +CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk ...) + - nodejs 12.22.7~dfsg-1 + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960 +CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...) + - nodejs 12.22.7~dfsg-1 + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959 +CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 < ...) 
+ NOT-FOR-US: Concrete CMS +CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...) + NOT-FOR-US: UniFi Protect +CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Citrix AD ...) + NOT-FOR-US: Citrix +CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...) + NOT-FOR-US: Citrix +CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS < ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...) + NOT-FOR-US: UniFI Talk +CVE-2021-22951 (Unauthorized individuals could view password protected files using vie ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...) + NOT-FOR-US: Concrete CMS +CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver < ...) + NOT-FOR-US: revive-adserver +CVE-2021-22947 (When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 se ...) + {DLA-2773-1} + - curl 7.79.1-1 + [bullseye] - curl <no-dsa> (Minor issue) + [buster] - curl <no-dsa> (Minor issue) + NOTE: https://curl.se/docs/CVE-2021-22947.html + NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0) +CVE-2021-22946 (A user can tell curl >= 7.20.0 and <= 7.78.0 to require a succes ...) 
+ {DLA-2773-1} + - curl 7.79.1-1 + [bullseye] - curl <no-dsa> (Minor issue) + [buster] - curl <no-dsa> (Minor issue) + NOTE: https://curl.se/docs/CVE-2021-22946.html + NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0) +CVE-2021-22945 (When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 c ...) + - curl 7.79.1-1 + [bullseye] - curl <no-dsa> (Minor issue) + [buster] - curl <not-affected> (Vulnerable code introduced later) + [stretch] - curl <not-affected> (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2021-22945.html + NOTE: Fixed by: https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49 (curl-7_79_0) +CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...) + NOT-FOR-US: UniFi Protect application +CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...) + NOT-FOR-US: UniFi Protect application +CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...) + [experimental] - rails 2:6.1.4.1+dfsg-1 + - rails <unfixed> (bug #992586) + [bullseye] - rails <no-dsa> (Minor issue) + [buster] - rails <not-affected> (Vulnerable code not present) + [stretch] - rails <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1 +CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...) + NOT-FOR-US: Citrix +CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...) 
+ - nodejs 12.22.5~dfsg-1 + [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied) + [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied) + [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied) + NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940 +CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...) + - nodejs 12.22.5~dfsg-1 + [bullseye] - nodejs 12.22.5~dfsg-2~11u1 + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939 +CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...) + NOT-FOR-US: Citrix +CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...) 
+ - nodejs <not-affected> (Debian builds nodejs against src:c-ares) + NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931 +CVE-2021-22930 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use aft ...) + - nodejs 12.22.4~dfsg-1 + [bullseye] - nodejs 12.22.5~dfsg-2~11u1 + [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support) + NOTE: https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05 + NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930 + NOTE: Possible incomplete fix (at least for v12): https://github.com/nodejs/node/issues/38964#issuecomment-889936936 + NOTE: CVE for the incomplete fix tracked as CVE-2021-22940 +CVE-2021-22929 (An information disclosure exists in Brave Browser Desktop prior to ver ...) + - brave-browser <itp> (bug #864795) +CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...) + NOT-FOR-US: Citrix +CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...) + NOT-FOR-US: Citrix +CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...) + NOT-FOR-US: curl builds on MacOS +CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...) 
+ - curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied) + NOTE: https://curl.se/docs/CVE-2021-22925.html + NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2) + NOTE: Fixed by: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/4 + NOTE: CVE is assigned because previous attempt to address CVE-2021-22898 resulted to be + NOTE: insufficient and the security vulnerability remained. +CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...) + {DLA-2734-1} + - curl 7.79.1-1 (bug #991492) + [bullseye] - curl <no-dsa> (Minor issue) + [buster] - curl <no-dsa> (Minor issue) + NOTE: https://curl.se/docs/CVE-2021-22924.html + NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4) + NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3 +CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...) + - curl <unfixed> (unimportant) + NOTE: https://curl.se/docs/CVE-2021-22923.html + NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2 + NOTE: The fix for earlier versions is to rebuild curl with the metalink support + NOTE: switched off. + NOTE: Metalink support not enabled in Debian builds. +CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...) + - curl <unfixed> (unimportant) + NOTE: https://curl.se/docs/CVE-2021-22922.html + NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1 + NOTE: The fix for earlier versions is to rebuild curl with the metalink support + NOTE: switched off. + NOTE: Metalink support not enabled in Debian builds. 
+CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...) + - nodejs <not-affected> (Only affects Windows installer) +CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...) + NOT-FOR-US: Citrix +CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...) + NOT-FOR-US: Citrix +CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...) + {DSA-4936-1} + - libuv1 1.40.0-2 (bug #990561) + [stretch] - libuv1 <not-affected> (Vulnerable code added later) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ + NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 +CVE-2021-22917 (Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to ...) + - brave-browser <itp> (bug #864795) +CVE-2021-22916 (In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is ...) + - brave-browser <itp> (bug #864795) +CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...) + NOT-FOR-US: Citrix +CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...) + NOT-FOR-US: Nextcloud Deck +CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...) + NOT-FOR-US: Nextcloud iOS +CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions < ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...) + NOT-FOR-US: EdgeMAX EdgeRouter +CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...) 
+ NOT-FOR-US: Windows File Resource Profiles +CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...) + NOT-FOR-US: Citrix +CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...) + NOT-FOR-US: Nextcloud Android App (com.nextcloud.client) +CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...) + {DSA-4929-1 DLA-2655-1} + - rails 2:6.0.3.7+dfsg-1 (bug #988214) + NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main) + NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7) + NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6) +CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...) + - rails <not-affected> (Vulnerable code introduced in 6.1.0.rc2) + NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main) + NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main) +CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...) + - rails 2:6.0.3.7+dfsg-1 (bug #988214) + [buster] - rails <not-affected> (Vulnerable code introduced later) + [stretch] - rails <not-affected> (Vulnerable code introduced later) + NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main) + NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7) +CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...) 
+ - curl <not-affected> (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2021-22901.html + NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0) + NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0) +CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...) + {DLA-2734-1} + - curl 7.79.1-1 (bug #989228) + [bullseye] - curl <no-dsa> (Minor issue) + [buster] - curl <no-dsa> (Minor issue) + NOTE: https://curl.se/docs/CVE-2021-22898.html + NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7) + NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0) + NOTE: Followup to not make curl vulnerable to CVE-2021-22925: + NOTE: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0) +CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...) + - curl <not-affected> (Windows only) + NOTE: https://curl.se/docs/CVE-2021-22897.html + NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0) + NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0) + NOTE: Only affect builds with schannel support (which is Windows only) +CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...) + NOT-FOR-US: Nextcloud Mail +CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...) 
+ {DSA-4974-1} + - nextcloud-desktop 3.3.1-1 (bug #989846) + NOTE: https://github.com/nextcloud/desktop/pull/2926 + NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 +CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...) + NOT-FOR-US: Citrix +CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...) + {DSA-4881-1} + - curl 7.74.0-1.2 (bug #986270) + [stretch] - curl <not-affected> (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2021-22890.html + NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844 +CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...) + NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 +CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...) 
+ {DSA-4929-1 DLA-2655-1} + - rails 2:6.0.3.7+dfsg-1 (bug #988214) + NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main) + NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7) + NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6) +CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) + {DSA-4863-1} + - nodejs 12.21.0~dfsg-1 + [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ +CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...) + {DSA-4863-1} + - nodejs 12.21.0~dfsg-1 + [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ +CVE-2021-22882 (UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras ...) + NOT-FOR-US: UniFi Protect +CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...) + - rails 2:6.0.3.5+dfsg-1 + [buster] - rails <not-affected> (Vulnerable code not present) + [stretch] - rails <not-affected> (host_authorization.rb added later) + NOTE: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130 + NOTE: https://hackerone.com/reports/1047447 + NOTE: https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f (main) + NOTE: https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 (v6.0.3.5) +CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...) 
+ {DSA-4929-1} + - rails 2:6.0.3.5+dfsg-1 + [stretch] - rails <not-affected> (Vulnerable asterisk in regex added later) + NOTE: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129 + NOTE: https://hackerone.com/reports/1023899 + NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main) + NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5) + NOTE: https://github.com/rails/rails/commit/bf0ef9df1793046241c26b3fb92fac551d1628b4 (5.2-stable) +CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...) + - nextcloud-desktop 3.1.1-2 (bug #987274) + [buster] - nextcloud-desktop <no-dsa> (Minor issue) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 + NOTE: https://github.com/nextcloud/desktop/pull/2906 +CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...) + - nextcloud-server <itp> (bug #941708) +CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...) + {DSA-4881-1 DLA-2664-1} + - curl 7.74.0-1.2 (bug #986269) + NOTE: https://curl.se/docs/CVE-2021-22876.html + NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c +CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...) 
+ NOT-FOR-US: Revive Adserver +CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...) + NOT-FOR-US: Revive Adserver +CVE-2021-22870 (A path traversal vulnerability was identified in GitHub Pages builds o ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: GitHub Enterprise +CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub ...) + NOT-FOR-US: GitHub Enterprise +CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...) + NOT-FOR-US: GitHub Enterprise +CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...) + NOT-FOR-US: GitHub Enterprise +CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...) + NOT-FOR-US: EIC e-document system +CVE-2021-22859 (The users’ data querying function of EIC e-document system does ...) + NOT-FOR-US: EIC e-document system +CVE-2021-22858 (Attackers can access the CGE account management function without privi ...) + NOT-FOR-US: CGE +CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...) 
+ NOT-FOR-US: CGE +CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...) + NOT-FOR-US: CGE +CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...) + NOT-FOR-US: HR Portal of Soar Cloud System +CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...) + NOT-FOR-US: HR Portal of Soar Cloud System +CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...) + NOT-FOR-US: HR Portal of Soar Cloud System +CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) + NOT-FOR-US: HGiga EIP +CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) + NOT-FOR-US: HGiga EIP +CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...) + NOT-FOR-US: HGiga EIP +CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...) + NOT-FOR-US: Hyweb HyCMS-J1 +CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...) + NOT-FOR-US: HGiga MailSherlock +CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...) + NOT-FOR-US: Hyweb HyCMS-J1 +CVE-2021-22846 + RESERVED +CVE-2021-22845 + RESERVED +CVE-2021-22844 + RESERVED +CVE-2021-22843 + RESERVED +CVE-2021-22842 + RESERVED +CVE-2021-22841 + RESERVED +CVE-2021-22840 + RESERVED +CVE-2021-22839 + RESERVED +CVE-2021-22838 + RESERVED +CVE-2021-22837 + RESERVED +CVE-2021-22836 + RESERVED +CVE-2021-22835 + RESERVED +CVE-2021-22834 + RESERVED +CVE-2021-22833 + RESERVED +CVE-2021-22832 + RESERVED +CVE-2021-22831 + RESERVED +CVE-2021-22830 + RESERVED +CVE-2021-22829 + RESERVED +CVE-2021-22828 + RESERVED +CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22797 + RESERVED +CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22795 + RESERVED +CVE-2021-22794 + RESERVED +CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22786 + RESERVED +CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22783 + RESERVED +CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in EcoStruxu ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22780 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in EcoStruxure ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22776 + RESERVED +CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a CSV File ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 w ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + NOT-FOR-US: PowerLogic EGX300 +CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + NOT-FOR-US: PowerLogic EGX300 +CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + NOT-FOR-US: PowerLogic EGX300 +CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...) + NOT-FOR-US: PowerLogic +CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...) + NOT-FOR-US: PowerLogic +CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...) + NOT-FOR-US: PowerLogic +CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider +CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + NOT-FOR-US: Schneider +CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...) + NOT-FOR-US: Schneider +CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...) 
+ NOT-FOR-US: Schneider +CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...) + NOT-FOR-US: Schneider +CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + NOT-FOR-US: Schneider +CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + NOT-FOR-US: Schneider +CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + NOT-FOR-US: Schneider +CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + NOT-FOR-US: Schneider +CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...) + NOT-FOR-US: Schneider +CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + NOT-FOR-US: Schneider +CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + NOT-FOR-US: Schneider +CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...) + NOT-FOR-US: Schneider +CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Schneider +CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider +CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + NOT-FOR-US: Tricon +CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + NOT-FOR-US: Tricon +CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + NOT-FOR-US: Tricon +CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + NOT-FOR-US: Tricon +CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) + NOT-FOR-US: Tricon +CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...) 
+ NOT-FOR-US: Tricon +CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...) + NOT-FOR-US: Schneider +CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) + NOT-FOR-US: Schneider +CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...) + NOT-FOR-US: Schneider +CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...) + NOT-FOR-US: Schneider +CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...) + NOT-FOR-US: Schneider +CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Schneider +CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...) + NOT-FOR-US: Schneider +CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...) + NOT-FOR-US: Schneider +CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) + NOT-FOR-US: Schneider +CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...) + NOT-FOR-US: Schneider +CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...) + NOT-FOR-US: Modicon +CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink C ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (E ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22715 + RESERVED +CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...) + NOT-FOR-US: Schneider +CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...) + NOT-FOR-US: Schneider +CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) + NOT-FOR-US: Schneider +CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) + NOT-FOR-US: Schneider +CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) + NOT-FOR-US: Schneider +CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...) 
+ NOT-FOR-US: Schneider +CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...) + NOT-FOR-US: Schneider +CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) + NOT-FOR-US: PowerLogic +CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) + NOT-FOR-US: PowerLogic +CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...) + NOT-FOR-US: PowerLogic +CVE-2021-22700 + RESERVED +CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...) + NOT-FOR-US: Modicon +CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) + NOT-FOR-US: EcoStruxure Power Build +CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) + NOT-FOR-US: EcoStruxure Power Build +CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...) + NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging) +CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...) + - git-big-picture 1.0.0-1 + [buster] - git-big-picture <no-dsa> (Minor issue) + [stretch] - git-big-picture <no-dsa> (Minor issue) + NOTE: https://github.com/git-big-picture/git-big-picture/pull/62 +CVE-2021-22696 (CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via ...) 
+ NOT-FOR-US: Apache CXF +CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...) + NOT-FOR-US: LibrIT PaSSHport +CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...) + NOT-FOR-US: Invision Community IPS Community Suite +CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...) + NOT-FOR-US: Invision Community IPS Community +CVE-2021-22695 + RESERVED +CVE-2021-22694 + RESERVED +CVE-2021-22693 + RESERVED +CVE-2021-22692 + RESERVED +CVE-2021-22691 + RESERVED +CVE-2021-22690 + RESERVED +CVE-2021-22689 + RESERVED +CVE-2021-22688 + RESERVED +CVE-2021-22687 + RESERVED +CVE-2021-22686 + RESERVED +CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP address ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-3023 + RESERVED +CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) + NOT-FOR-US: LG mobile devices +CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...) + NOT-FOR-US: ISPConfig +CVE-2021-3020 + RESERVED +CVE-2021-22685 + RESERVED +CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in ...) + NOT-FOR-US: Tizen RT RTOS +CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) + NOT-FOR-US: Fatek FvDesigner +CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...) + NOT-FOR-US: Cscape +CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...) + NOT-FOR-US: Rockwell Automation +CVE-2021-22680 + RESERVED +CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...) + NOT-FOR-US: SimpleLink +CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...) + NOT-FOR-US: Cscape +CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...) 
+ NOT-FOR-US: SimpleLink +CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...) + NOT-FOR-US: WebAccess/SCADA +CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...) + NOT-FOR-US: SimpleLink +CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...) + NOT-FOR-US: WebAccess/SCADA +CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...) + NOT-FOR-US: SimpleLink +CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...) + NOT-FOR-US: Delta Electronics +CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...) + NOT-FOR-US: SimpleLink +CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...) + NOT-FOR-US: Fatek FvDesigner +CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...) + NOT-FOR-US: WebAccess/SCADA +CVE-2021-22668 (Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (wit ...) + NOT-FOR-US: Delta Industrial Automation +CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...) + NOT-FOR-US: BB-ESWGP506-2SFP-T +CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...) + NOT-FOR-US: Fatek FvDesigner +CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...) + NOT-FOR-US: Rockwell Automation +CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...) + NOT-FOR-US: CNCSoft-B +CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...) + NOT-FOR-US: Cscape +CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...) + NOT-FOR-US: Fatek FvDesigner +CVE-2021-22661 (Changing the password on the module webpage does not require the user ...) 
+ NOT-FOR-US: ProSoft Technology +CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...) + NOT-FOR-US: CNCSoft-B +CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...) + NOT-FOR-US: Rockwell Automation +CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + NOT-FOR-US: Advantech iView +CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...) + NOT-FOR-US: Advantech iView +CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) + NOT-FOR-US: Fuji Electric +CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...) + NOT-FOR-US: Advantech iView +CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) + NOT-FOR-US: Fuji Electric +CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...) + NOT-FOR-US: Advantech iView +CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions prior t ...) + NOT-FOR-US: Luxion +CVE-2021-22650 + RESERVED +CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + NOT-FOR-US: Luxion KeyShot +CVE-2021-22648 + RESERVED +CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + NOT-FOR-US: Luxion KeyShot +CVE-2021-22646 + RESERVED +CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + NOT-FOR-US: Luxion KeyShot +CVE-2021-22644 + RESERVED +CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...) + NOT-FOR-US: Luxion KeyShot +CVE-2021-22642 + RESERVED +CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...) 
+ NOT-FOR-US: Fuji Electric +CVE-2021-22640 + RESERVED +CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...) + NOT-FOR-US: Fuji Electric +CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) + NOT-FOR-US: Fatek FvDesigner +CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...) + NOT-FOR-US: Fuji Electric +CVE-2021-22636 + RESERVED +CVE-2021-22635 + RESERVED +CVE-2021-22634 + RESERVED +CVE-2021-22633 + RESERVED +CVE-2021-22632 + RESERVED +CVE-2021-22631 + RESERVED +CVE-2021-22630 + RESERVED +CVE-2021-22629 + RESERVED +CVE-2021-22628 + RESERVED +CVE-2021-22627 + RESERVED +CVE-2021-22626 + RESERVED +CVE-2021-22625 + RESERVED +CVE-2021-22624 + RESERVED +CVE-2021-22623 + RESERVED +CVE-2021-22622 + RESERVED +CVE-2021-22621 + RESERVED +CVE-2021-22620 + RESERVED +CVE-2021-22619 + RESERVED +CVE-2021-22618 + RESERVED +CVE-2021-22617 + RESERVED +CVE-2021-22616 + RESERVED +CVE-2021-22615 + RESERVED +CVE-2021-22614 + RESERVED +CVE-2021-22613 + RESERVED +CVE-2021-22612 + RESERVED +CVE-2021-22611 + RESERVED +CVE-2021-22610 + RESERVED +CVE-2021-22609 + RESERVED +CVE-2021-22608 + RESERVED +CVE-2021-22607 + RESERVED +CVE-2021-22606 + RESERVED +CVE-2021-22605 + RESERVED +CVE-2021-22604 + RESERVED +CVE-2021-22603 + RESERVED +CVE-2021-22602 + RESERVED +CVE-2021-22601 + RESERVED +CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...) 
+ - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (5.16-rc6) +CVE-2021-22599 + RESERVED +CVE-2021-22598 + RESERVED +CVE-2021-22597 + RESERVED +CVE-2021-22596 + RESERVED +CVE-2021-22595 + RESERVED +CVE-2021-22594 + RESERVED +CVE-2021-22593 + RESERVED +CVE-2021-22592 + RESERVED +CVE-2021-22591 + RESERVED +CVE-2021-22589 + RESERVED +CVE-2021-22588 + RESERVED +CVE-2021-22587 + RESERVED +CVE-2021-22586 + RESERVED +CVE-2021-22585 + RESERVED +CVE-2021-22584 + RESERVED +CVE-2021-22583 + RESERVED +CVE-2021-22582 + RESERVED +CVE-2021-22581 + RESERVED +CVE-2021-22580 + RESERVED +CVE-2021-22579 + RESERVED +CVE-2021-22578 + RESERVED +CVE-2021-22577 + RESERVED +CVE-2021-22576 + RESERVED +CVE-2021-22575 + RESERVED +CVE-2021-22574 + RESERVED +CVE-2021-22573 + RESERVED +CVE-2021-22572 + RESERVED +CVE-2021-22571 + RESERVED +CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...) + [experimental] - protobuf 3.17.1-1 + - protobuf <unfixed> + [bullseye] - protobuf <no-dsa> (Minor issue) + [buster] - protobuf <no-dsa> (Minor issue) + [stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch needs to be isolated) + NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 +CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...) 
+ [experimental] - protobuf 3.19.3-1 + - protobuf <unfixed> + [bullseye] - protobuf <no-dsa> (Minor issue) + [buster] - protobuf <no-dsa> (Minor issue) + [stretch] - protobuf <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/12/4 + NOTE: https://cloud.google.com/support/bulletins#gcp-2022-001 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330 (unclear, might be bogus) + NOTE: https://github.com/protocolbuffers/protobuf/pull/9371/commits/5ea2bdf6d7483d64a6b02fcf00ee51fbfb80e847 +CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...) + NOT-FOR-US: Dart language +CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...) + NOT-FOR-US: Dart language (different from src:dart) + NOTE: https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41 +CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...) + NOT-FOR-US: Google fuchsia +CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...) + NOT-FOR-US: Google reference COVID19 exposure verification component + NOTE: https://github.com/google/exposure-notifications-verification-server +CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...) + - jpeg-xl <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/libjxl/libjxl/issues/708 + NOTE: https://github.com/libjxl/libjxl/pull/775 + NOTE: https://github.com/libjxl/libjxl/commit/9d4a2de2f7a853f072c2a1bd6719e815a09075e9 (v0.6.1) +CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...) 
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian) + NOTE: https://github.com/libjxl/libjxl/issues/735 + NOTE: https://github.com/libjxl/libjxl/pull/757 + NOTE: https://github.com/libjxl/libjxl/commit/b0b39694d8ba6eb031eae217fcae488ce7403ae7 (v0.6.1) +CVE-2021-22562 + RESERVED +CVE-2021-22561 + RESERVED +CVE-2021-22560 + RESERVED +CVE-2021-22559 + RESERVED +CVE-2021-22558 + RESERVED +CVE-2021-22557 (SLO generator allows for loading of YAML files that if crafted in a sp ...) + NOT-FOR-US: SLO generator +CVE-2021-22556 + RESERVED +CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...) + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 + NOTE: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html +CVE-2021-22554 + RESERVED +CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...) + - gerrit <itp> (bug #589436) +CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...) + NOT-FOR-US: Asylo +CVE-2021-22551 + RESERVED +CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...) + NOT-FOR-US: Asylo +CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...) + NOT-FOR-US: Asylo +CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...) + NOT-FOR-US: Asylo +CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...) + NOT-FOR-US: Google Cloud IoT Device SDK +CVE-2021-22546 + RESERVED +CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cause the ...) + NOT-FOR-US: IDA Pro +CVE-2021-22544 + RESERVED +CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...) 
+ {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-2 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3 + NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 + NOTE: https://git.kernel.org/linus/f8be156be163a052a067306417cd0ff679068c97 +CVE-2021-22542 + RESERVED +CVE-2021-22541 + RESERVED +CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...) + NOT-FOR-US: Dart SDK +CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...) + NOT-FOR-US: VScode-bazel +CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...) + NOT-FOR-US: Google Exposure Notification Verification Server +CVE-2021-22537 + RESERVED +CVE-2021-22536 + RESERVED +CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Micro Fo ...) + NOT-FOR-US: Micro Focus +CVE-2021-22534 + RESERVED +CVE-2021-22533 + RESERVED +CVE-2021-22532 + RESERVED +CVE-2021-22531 + RESERVED +CVE-2021-22530 + RESERVED +CVE-2021-22529 + RESERVED +CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2021-22526 (Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...) + NOT-FOR-US: Microfocus +CVE-2021-22524 (Injection attack caused the denial of service vulnerability in NetIQ A ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...) + NOT-FOR-US: Micro Focus +CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...) 
+ NOT-FOR-US: Micro Focus +CVE-2021-22521 (A privileged escalation vulnerability has been identified in Micro Foc ...) + NOT-FOR-US: Micro Focus +CVE-2021-22520 + RESERVED +CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...) + NOT-FOR-US: Micro Focus +CVE-2021-22518 + RESERVED +CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...) + NOT-FOR-US: Micro Focus +CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...) + NOT-FOR-US: Micro Focus Secure API Manager +CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...) + NOT-FOR-US: NetIQ +CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...) + NOT-FOR-US: Micro Focus +CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus Applicati ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-22509 + RESERVED +CVE-2021-22508 + RESERVED +CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...) + NOT-FOR-US: Micro Focus +CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...) + NOT-FOR-US: Micro Focus +CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...) + NOT-FOR-US: Micro Focus +CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...) + NOT-FOR-US: Micro Focus +CVE-2021-22503 + RESERVED +CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...) 
+ NOT-FOR-US: Micro Focus +CVE-2021-22501 + RESERVED +CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...) + NOT-FOR-US: Micro Focus +CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...) + NOT-FOR-US: Micro Focus +CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...) + NOT-FOR-US: Micro Focus +CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...) + NOT-FOR-US: NetIQ +CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...) + NOT-FOR-US: Micro Focus +CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...) + NOT-FOR-US: Samsung Note20 mobile devices +CVE-2021-22493 + REJECTED +CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22489 + RESERVED +CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...) + NOT-FOR-US: Huawei +CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...) + NOT-FOR-US: Huawei +CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartphone. S ...) + NOT-FOR-US: Huawei +CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...) + NOT-FOR-US: Huawei +CVE-2021-22484 + RESERVED +CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22480 + RESERVED +CVE-2021-22479 + RESERVED +CVE-2021-22478 + RESERVED +CVE-2021-22477 + RESERVED +CVE-2021-22476 + RESERVED +CVE-2021-22475 (There is an Improper permission management vulnerability in Huawei Sma ...) + NOT-FOR-US: Huawei +CVE-2021-22474 (There is an Out-of-bounds memory access in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-22473 (There is an Authentication vulnerability in Huawei Smartphone.Successf ...) + NOT-FOR-US: Huawei +CVE-2021-22472 (There is an Improper verification vulnerability in Huawei Smartphone.S ...) + NOT-FOR-US: Huawei +CVE-2021-22471 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22470 (A component of the HarmonyOS has a Privileges Controls vulnerability. ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22469 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22468 (A component of the HarmonyOS has a Exposure of Sensitive Information t ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22467 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22466 (A component of the HarmonyOS has a Use After Free vulnerability. Local ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22465 (A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerab ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22464 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22463 (A component of the HarmonyOS has a Use After Free vulnerability . Loca ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22462 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...) 
+ NOT-FOR-US: HarmonyOS +CVE-2021-22461 (A component of the HarmonyOS has a Allocation of Resources Without Lim ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22460 (A component of the HarmonyOS has a Insufficient Verification of Data A ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22459 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22458 (A component of the HarmonyOS has a Improper Restriction of Operations ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22457 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22456 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22455 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22454 (A component of the HarmonyOS has a External Control of System or Confi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22453 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22452 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22451 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerability. L ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...) + NOT-FOR-US: Elf-G10HN (Huawei) +CVE-2021-22448 + RESERVED +CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...) + NOT-FOR-US: Huawei +CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22445 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22444 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...) + NOT-FOR-US: Huawei +CVE-2021-22441 + RESERVED +CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...) + NOT-FOR-US: Huawei +CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...) + NOT-FOR-US: Huawei +CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) + NOT-FOR-US: Huawei +CVE-2021-22437 + RESERVED +CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-22434 + RESERVED +CVE-2021-22433 + RESERVED +CVE-2021-22432 + RESERVED +CVE-2021-22431 + RESERVED +CVE-2021-22430 + RESERVED +CVE-2021-22429 + RESERVED +CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...) + NOT-FOR-US: Huawei +CVE-2021-22426 + RESERVED +CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...) 
+ NOT-FOR-US: HarmonyOS +CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...) + NOT-FOR-US: Huawei +CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...) + NOT-FOR-US: Huawei +CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) + NOT-FOR-US: Huawei +CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) + NOT-FOR-US: Huawei +CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-22410 (There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C ...) + NOT-FOR-US: Huawei +CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...) + NOT-FOR-US: Huawei +CVE-2021-22408 + RESERVED +CVE-2021-22407 (There is a Configuration defects in Huawei Smartphone.Successful explo ...) + NOT-FOR-US: Huawei +CVE-2021-22406 (There is an Uncaught Exception vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22405 (There is a Configuration defects in Huawei Smartphone.Successful explo ...) + NOT-FOR-US: Huawei +CVE-2021-22404 (There is a Directory traversal vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22403 (There is a vulnerability of hijacking unverified providers in Huawei S ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22402 (There is a DoS vulnerability in Huawei Smartphone.Successful exploitat ...) + NOT-FOR-US: Huawei +CVE-2021-22401 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...) + NOT-FOR-US: Huawei +CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...) + NOT-FOR-US: Huawei +CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...) + NOT-FOR-US: Huawei +CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...) + NOT-FOR-US: Huawei +CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOne 8.0. ...) + NOT-FOR-US: Huawei +CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-22395 + RESERVED +CVE-2021-22394 + RESERVED +CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...) + NOT-FOR-US: CloudEngine (Huawei) +CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22391 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22390 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) + NOT-FOR-US: Huawei +CVE-2021-22389 (There is a Permission Control Vulnerability in Huawei Smartphone.Succe ...) + NOT-FOR-US: Huawei +CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...) + NOT-FOR-US: Huawei +CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...) + NOT-FOR-US: Huawei +CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...) + NOT-FOR-US: Huawei / HarmonyOS +CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...) 
+ NOT-FOR-US: Huawei / HarmonyOS +CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...) + NOT-FOR-US: Huawei +CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission assignment ...) + NOT-FOR-US: Huawei +CVE-2021-22381 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...) + NOT-FOR-US: Huawei +CVE-2021-22380 (There is a Cleartext Transmission of Sensitive Information Vulnerabili ...) + NOT-FOR-US: Huawei +CVE-2021-22379 (There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Hu ...) + NOT-FOR-US: Huawei +CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD V100R005C00 and ...) + NOT-FOR-US: Huawei +CVE-2021-22377 (There is a command injection vulnerability in S12700 V200R019C00SPC500 ...) + NOT-FOR-US: Huawei +CVE-2021-22376 (A component of the HarmonyOS has a Improper Privilege Management vulne ...) + NOT-FOR-US: Huawei +CVE-2021-22375 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...) + NOT-FOR-US: Huawei +CVE-2021-22374 (There is an Improper Validation of Array Index Vulnerability in Huawei ...) + NOT-FOR-US: Huawei +CVE-2021-22373 (There is a Defects Introduced in the Design Process Vulnerability in H ...) + NOT-FOR-US: Huawei +CVE-2021-22372 (There is a Security Features Vulnerability in Huawei Smartphone. Succe ...) + NOT-FOR-US: Huawei +CVE-2021-22371 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) + NOT-FOR-US: Huawei +CVE-2021-22370 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...) + NOT-FOR-US: Huawei +CVE-2021-22369 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...) + NOT-FOR-US: Huawei +CVE-2021-22368 (There is a Permission Control Vulnerability in Huawei Smartphone. Succ ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22367 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...) + NOT-FOR-US: Huawei +CVE-2021-22366 (There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C ...) + NOT-FOR-US: Huawei +CVE-2021-22365 (There is an out of bounds read vulnerability in eSE620X vESS V100R001C ...) + NOT-FOR-US: Huawei +CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...) + NOT-FOR-US: Huawei +CVE-2021-22363 (There is a resource management error vulnerability in eCNS280_TD V100R ...) + NOT-FOR-US: Huawei +CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-22361 (There is an improper authorization vulnerability in eCNS280 V100R005C0 ...) + NOT-FOR-US: Huawei +CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...) + NOT-FOR-US: Huawei +CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...) + NOT-FOR-US: Huawei +CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...) + NOT-FOR-US: Huawei +CVE-2021-22357 (There is a denial of service vulnerability in Huawei products. A modul ...) + NOT-FOR-US: Huawei +CVE-2021-22356 (There is a weak secure algorithm vulnerability in Huawei products. A w ...) + NOT-FOR-US: Huawei +CVE-2021-22355 + RESERVED +CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) + NOT-FOR-US: Huawei +CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...) + NOT-FOR-US: Huawei +CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...) + NOT-FOR-US: Huawei +CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) + NOT-FOR-US: Huawei +CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...) + NOT-FOR-US: Huawei +CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...) + NOT-FOR-US: Huawei +CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...) + NOT-FOR-US: Huawei +CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...) + NOT-FOR-US: Huawei +CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...) + NOT-FOR-US: Huawei +CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...) + NOT-FOR-US: Huawei +CVE-2021-22340 (There is a multiple threads race condition vulnerability in Huawei pro ...) + NOT-FOR-US: Huawei +CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...) + NOT-FOR-US: Huawei +CVE-2021-22338 (There is an XXE injection vulnerability in eCNS280 V100R005C00 and V10 ...) + NOT-FOR-US: Huawei +CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...) + NOT-FOR-US: Huawei +CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...) + NOT-FOR-US: Huawei +CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...) + NOT-FOR-US: Huawei +CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...) + NOT-FOR-US: CloudEngine (Huawei) +CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...) + NOT-FOR-US: Huawei +CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...) + NOT-FOR-US: Huawei +CVE-2021-22329 (There has a license management vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-22328 (There is a denial of service vulnerability in some huawei products. In ...) + NOT-FOR-US: Huawei +CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...) + NOT-FOR-US: Huawei +CVE-2021-22326 (A component of the HarmonyOS has a Privilege Dropping / Lowering Error ...) + NOT-FOR-US: Huawei +CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...) + NOT-FOR-US: Huawei +CVE-2021-22323 (There is an Integer Overflow Vulnerability in Huawei Smartphone. Succe ...) + NOT-FOR-US: Huawei +CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Huawei +CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module ...) + NOT-FOR-US: Huawei +CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...) + NOT-FOR-US: Huawei +CVE-2021-22319 + RESERVED +CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...) + NOT-FOR-US: Huawei +CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22315 + RESERVED +CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...) + NOT-FOR-US: Huawei +CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...) + NOT-FOR-US: Huawei +CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...) + NOT-FOR-US: Huawei +CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...) + NOT-FOR-US: Huawei +CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...) + NOT-FOR-US: Huawei +CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...) + NOT-FOR-US: Huawei +CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...) + NOT-FOR-US: Huawei +CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...) + NOT-FOR-US: Huawei +CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...) + NOT-FOR-US: Huawei +CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...) + NOT-FOR-US: Huawei +CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...) + NOT-FOR-US: Huawei +CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...) + NOT-FOR-US: Huawei +CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...) + NOT-FOR-US: Huawei +CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...) + NOT-FOR-US: Huawei +CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...) + NOT-FOR-US: Huawei +CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...) + NOT-FOR-US: Huawei +CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...) 
+ NOT-FOR-US: Huawei +CVE-2021-22297 + RESERVED +CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...) + NOT-FOR-US: HarmonyOS +CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...) + NOT-FOR-US: Huawei +CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...) + NOT-FOR-US: Huawei +CVE-2021-22291 + RESERVED +CVE-2021-22290 + RESERVED +CVE-2021-22289 + RESERVED +CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...) + NOT-FOR-US: ABB +CVE-2021-22287 + RESERVED +CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...) + NOT-FOR-US: ABB +CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...) + NOT-FOR-US: ABB +CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + NOT-FOR-US: ABB +CVE-2021-22283 + RESERVED +CVE-2021-22282 + RESERVED +CVE-2021-22281 + RESERVED +CVE-2021-22280 + RESERVED +CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...) + NOT-FOR-US: ABB / OmniCore robot controller +CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...) + NOT-FOR-US: PCM600 Update Manager +CVE-2021-22277 + RESERVED +CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...) + NOT-FOR-US: ABB +CVE-2021-22275 + RESERVED +CVE-2021-22274 + RESERVED +CVE-2021-22273 + RESERVED +CVE-2021-22272 (The vulnerability origins in the commissioning process where an attack ...) 
+ NOT-FOR-US: ABB +CVE-2021-22271 + RESERVED +CVE-2021-22270 + RESERVED +CVE-2021-22269 + RESERVED +CVE-2021-22268 + RESERVED +CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...) + NOT-FOR-US: Idelji Web ViewPoint Suite +CVE-2021-22266 + RESERVED +CVE-2021-22265 + RESERVED +CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...) + - gitlab <unfixed> +CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...) + - gitlab <unfixed> +CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...) + - gitlab <unfixed> +CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...) + - gitlab <unfixed> +CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...) + - gitlab <unfixed> +CVE-2021-22255 (SSRF in URL file upload in Baserow <1.1.0 allows remote authenticat ...) + NOT-FOR-US: Baserow +CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...) + - gitlab <unfixed> +CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...) + - gitlab <not-affected> (Vulnerable code introduced later) +CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...) 
+ - gitlab <not-affected> (Specific to EE) +CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) + - gitlab <unfixed> +CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...) + - gitlab <not-affected> (Vulnerable code intrododuced later) +CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...) + - gitlab <unfixed> +CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...) + - gitlab <unfixed> +CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...) + - gitlab <unfixed> +CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...) + - gitlab <unfixed> +CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...) + - gitlab <unfixed> +CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...) + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ +CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...) 
+ - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ +CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...) + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/ +CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...) + {DSA-5019-1 DLA-2849-1} + [experimental] - wireshark 3.4.7-1~exp1 + - wireshark 3.4.7-1 + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462 + NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616 +CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...) + - gitlab <unfixed> +CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...) + - gitlab <unfixed> +CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...) + - gitlab <unfixed> +CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...) + - gitlab <unfixed> +CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...) + - gitlab <unfixed> +CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...) + - gitlab <unfixed> +CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...) 
+ - gitlab <unfixed> +CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...) + - gitlab <unfixed> +CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...) + - gitlab <unfixed> +CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...) + {DSA-5019-1} + [experimental] - wireshark 3.4.6-1~exp1 + - wireshark 3.4.7-1 + [buster] - wireshark <not-affected> (Vulnerability introduced in 3.4) + [stretch] - wireshark <not-affected> (Vulnerability introduced in 3.4) + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html + NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c +CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...) + - gitlab <unfixed> +CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...) + - gitlab <unfixed> +CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) + - gitlab <unfixed> +CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...) + - gitlab <unfixed> +CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...) + - gitlab <not-affected> (Specific to EE) +CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...) + - gitlab <unfixed> +CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...) + - gitlab <unfixed> +CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...) 
+ - ntpsec 1.2.0+dfsg1-4 (bug #989847) + [buster] - ntpsec <not-affected> (Only affects 1.2.0) + NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699 + NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8 +CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...) + - gitlab <unfixed> +CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...) + {DSA-5019-1 DLA-2849-1} + [experimental] - wireshark 3.4.6-1~exp1 + - wireshark 3.4.7-1 (bug #987853) + [buster] - wireshark <no-dsa> (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331 + NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html +CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...) + {DSA-4910-1 DLA-2663-1} + - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505) + NOTE: https://bugs.launchpad.net/bugs/1925985 + NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 + NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html +CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
+ - gitlab <unfixed> +CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...) + - gitlab <unfixed> +CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + - gitlab <unfixed> +CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...) + NOT-FOR-US: gitlab-vscode-extension +CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...) + - gitlab <unfixed> +CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab <unfixed> +CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...) + - wireshark 3.4.4-1 + [buster] - wireshark <no-dsa> (Minor issue) + [stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232 +CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...) + - gitlab <unfixed> +CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...) 
+ [experimental] - gitlab 13.6.7-1 + - gitlab <unfixed> +CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...) + [experimental] - gitlab 13.6.7-1 + - gitlab <unfixed> +CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...) + - gitlab 13.2.3-2 +CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...) + [experimental] - gitlab 13.7.8+ds1-1 + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ +CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...) + - gitlab <not-affected> (Only affects 13.8) + NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ +CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...) + - gitlab <unfixed> +CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) + [experimental] - gitlab 13.6.6-1 + - gitlab <unfixed> +CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...) + [experimental] - gitlab 13.7.7-1 + - gitlab <not-affected> (Affected version never uploaded to unstable) +CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) + - gitlab <unfixed> +CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...) + - gitlab <unfixed> +CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab <unfixed> +CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...) + - gitlab <unfixed> +CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...) 
+ - gitlab <unfixed> +CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...) + - gitlab <unfixed> +CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...) + - wireshark 3.4.3-1 (bug #981791) + [buster] - wireshark <not-affected> (Affected code not present) + [stretch] - wireshark <not-affected> (Affected code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165 +CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...) + - wireshark 3.4.3-1 (bug #981791) + [buster] - wireshark <not-affected> (Affected code not present) + [stretch] - wireshark <not-affected> (Affected code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124 +CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...) + [experimental] - gitlab 13.6.6-1 + - gitlab <unfixed> + NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ +CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...) + [experimental] - gitlab 13.6.6-1 + - gitlab <unfixed> +CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...) + - gitlab <unfixed> +CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...) + - gitlab <not-affected> (Specific to EE) + NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/ +CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...) + [experimental] - gitlab 13.6.6-1 + - gitlab <unfixed> +CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...) 
+ [experimental] - gitlab 13.6.6-1 + - gitlab <unfixed> +CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...) + - gitlab <not-affected> (Only affects Gitlab 13.7.x) + NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/ +CVE-2021-22165 + RESERVED +CVE-2021-22164 + RESERVED +CVE-2021-22163 + RESERVED +CVE-2021-22162 + RESERVED +CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...) + NOT-FOR-US: OpenWrt +CVE-2021-22160 (If Apache Pulsar is configured to authenticate clients using tokens ba ...) + NOT-FOR-US: Apache Pulsar +CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...) + NOT-FOR-US: ffay lanproxy +CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...) + NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS) +CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...) + NOT-FOR-US: Intelbras +CVE-2021-3016 + RESERVED +CVE-2021-3015 + RESERVED +CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...) + NOT-FOR-US: The Proofpoint Insider Threat Management +CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...) + NOT-FOR-US: BlackBerry +CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...) + NOT-FOR-US: BlackBerry Workspaces Server +CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...) + NOT-FOR-US: BlackBerry UEM +CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console compon ...) 
+ NOT-FOR-US: BlackBerry UEM +CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in ...) + NOT-FOR-US: BlackBerry UEM +CVE-2021-22151 + RESERVED +CVE-2021-22150 + RESERVED +CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...) + NOT-FOR-US: Elastic Enterprise Search +CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...) + NOT-FOR-US: Elastic Enterprise Search +CVE-2021-22147 (Elasticsearch before 7.14.0 did not apply document and field level sec ...) + - elasticsearch <removed> +CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch “ ...) + NOT-FOR-US: Elastic Cloud +CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...) + - elasticsearch <removed> +CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...) + - elasticsearch <removed> +CVE-2021-22143 + RESERVED +CVE-2021-22142 + RESERVED + - kibana <itp> (bug #700337) +CVE-2021-22141 + RESERVED + - kibana <itp> (bug #700337) +CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 contain an ...) + NOT-FOR-US: Elastic App Search web crawler +CVE-2021-22139 (Kibana versions before 7.12.1 contain a denial of service vulnerabilit ...) + - kibana <itp> (bug #700337) +CVE-2021-22138 (In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS ce ...) + - logstash <itp> (bug #664841) +CVE-2021-22137 (In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosu ...) + - elasticsearch <removed> +CVE-2021-22136 (In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...) + - kibana <itp> (bug #700337) +CVE-2021-22135 (Elasticsearch versions before 7.11.2 and 6.8.15 contain a document dis ...) + - elasticsearch <removed> +CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...) 
+ - elasticsearch <removed> +CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...) + NOT-FOR-US: Elastic APM agent +CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...) + - elasticsearch <removed> +CVE-2021-22131 + RESERVED +CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...) + NOT-FOR-US: FortiProxy (FortiGuard) +CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...) + NOT-FOR-US: Fortiguard +CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...) + NOT-FOR-US: FortiProxy SSL VPN portal +CVE-2021-22127 + RESERVED +CVE-2021-22126 + RESERVED +CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...) + NOT-FOR-US: FortiSandbox +CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...) + NOT-FOR-US: FortiSandbox +CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...) + NOT-FOR-US: FortiGuard +CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-22121 + RESERVED +CVE-2021-22120 + RESERVED +CVE-2021-22119 (Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5 ...) + - libspring-security-2.0-java <removed> +CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...) + - libspring-java <not-affected> (Introduced in v5.0.0.RC1) + NOTE: https://tanzu.vmware.com/security/cve-2021-22118 + NOTE: https://github.com/spring-projects/spring-framework/issues/26931 + NOTE: https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1 +CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...) 
+ - rabbitmq-server <not-affected> (Windows-specific) +CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...) + {DLA-2710-1} + - rabbitmq-server 3.9.4-1 (bug #989056) + [bullseye] - rabbitmq-server <no-dsa> (Minor issue) + [buster] - rabbitmq-server <no-dsa> (Minor issue) + NOTE: https://tanzu.vmware.com/security/cve-2021-22116 + NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953 + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f37a31de55229e6c763215500e376fa16803390b (v3.9.0-beta.1) + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/626d5219115d087a2695c0eb243c7ddb7e154563 (v3.8.15-rc.2) +CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...) + NOT-FOR-US: Cloud Controller API +CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...) + NOT-FOR-US: Spring-integration-zip +CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...) + NOT-FOR-US: Spring Cloud Netflix Zuul +CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...) + - jenkins <removed> +CVE-2021-22111 + RESERVED +CVE-2021-22110 + RESERVED +CVE-2021-22109 + RESERVED +CVE-2021-22108 + RESERVED +CVE-2021-22107 + RESERVED +CVE-2021-22106 + RESERVED +CVE-2021-22105 + RESERVED +CVE-2021-22104 + RESERVED +CVE-2021-22103 + RESERVED +CVE-2021-22102 + RESERVED +CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...) + NOT-FOR-US: Cloud Foundry Cloud Controller +CVE-2021-22100 + RESERVED +CVE-2021-22099 + RESERVED +CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...) + NOT-FOR-US: UAA server +CVE-2021-22097 (In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring ...) + NOT-FOR-US: Spring AMQP +CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...) 
+ - libspring-java <unfixed> + [bullseye] - libspring-java <no-dsa> (Minor issue) + [buster] - libspring-java <no-dsa> (Minor issue) + [stretch] - libspring-java <ignored> (Minor issue, no known patch) + NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable) +CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring ...) + NOT-FOR-US: Spring AMQP +CVE-2021-22094 + RESERVED +CVE-2021-22093 + RESERVED +CVE-2021-22092 + RESERVED +CVE-2021-22091 + RESERVED +CVE-2021-22090 + RESERVED +CVE-2021-22089 + RESERVED +CVE-2021-22088 + RESERVED +CVE-2021-22087 + RESERVED +CVE-2021-22086 + RESERVED +CVE-2021-22085 + RESERVED +CVE-2021-22084 + RESERVED +CVE-2021-22083 + RESERVED +CVE-2021-22082 + RESERVED +CVE-2021-22081 + RESERVED +CVE-2021-22080 + RESERVED +CVE-2021-22079 + RESERVED +CVE-2021-22078 + RESERVED +CVE-2021-22077 + RESERVED +CVE-2021-22076 + RESERVED +CVE-2021-22075 + RESERVED +CVE-2021-22074 + RESERVED +CVE-2021-22073 + RESERVED +CVE-2021-22072 + RESERVED +CVE-2021-22071 + RESERVED +CVE-2021-22070 + RESERVED +CVE-2021-22069 + RESERVED +CVE-2021-22068 + RESERVED +CVE-2021-22067 + RESERVED +CVE-2021-22066 + RESERVED +CVE-2021-22065 + RESERVED +CVE-2021-22064 + RESERVED +CVE-2021-22063 + RESERVED +CVE-2021-22062 + RESERVED +CVE-2021-22061 + RESERVED +CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...) + - libspring-java <unfixed> + [stretch] - libspring-java <end-of-life> (EOL'd for stretch) + NOTE: follow-up to CVE-2021-22096 + NOTE: https://tanzu.vmware.com/security/cve-2021-22060 +CVE-2021-22059 + RESERVED +CVE-2021-22058 + RESERVED +CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an aut ...) + NOT-FOR-US: VMware +CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...) 
+ NOT-FOR-US: VMware +CVE-2021-22055 + RESERVED +CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...) + NOT-FOR-US: VMware +CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...) + NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf +CVE-2021-22052 + RESERVED +CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) + NOT-FOR-US: Spring Cloud Gateway +CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...) + NOT-FOR-US: VMware +CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...) + NOT-FOR-US: VMware +CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...) + NOT-FOR-US: VMware +CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...) + NOT-FOR-US: Spring Data REST +CVE-2021-22046 + RESERVED +CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...) + NOT-FOR-US: VMware +CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...) + NOT-FOR-US: Spring Cloud OpenFeign +CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...) + NOT-FOR-US: VMware +CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...) + NOT-FOR-US: VMware +CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...) + NOT-FOR-US: VMware +CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...) + NOT-FOR-US: VMware +CVE-2021-22039 + RESERVED +CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...) + NOT-FOR-US: InstallBuilder +CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...) 
+ NOT-FOR-US: InstallBuilder +CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...) + NOT-FOR-US: VMware +CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...) + NOT-FOR-US: VMware +CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 contain an ...) + NOT-FOR-US: VMware +CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...) + NOT-FOR-US: VMware +CVE-2021-22032 + RESERVED +CVE-2021-22031 + RESERVED +CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...) + NOT-FOR-US: Greenplum +CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...) + NOT-FOR-US: VMware +CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...) + NOT-FOR-US: Greenplum +CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) + NOT-FOR-US: VMware +CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...) + NOT-FOR-US: VMware +CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...) + NOT-FOR-US: VMware +CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) + NOT-FOR-US: VMware +CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...) + NOT-FOR-US: VMware +CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...) + NOT-FOR-US: VMware +CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...) + NOT-FOR-US: VMware +CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...) + NOT-FOR-US: VMware +CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...) 
+ NOT-FOR-US: VMware +CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...) + NOT-FOR-US: VMware +CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...) + NOT-FOR-US: VMware +CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...) + NOT-FOR-US: VMware +CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...) + NOT-FOR-US: VMware +CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...) + NOT-FOR-US: VMware +CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...) + NOT-FOR-US: VMware +CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...) + NOT-FOR-US: VMware +CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...) + NOT-FOR-US: VMware +CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...) + NOT-FOR-US: VMware +CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...) + NOT-FOR-US: VMware +CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...) + NOT-FOR-US: VMware +CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...) + NOT-FOR-US: VMware +CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...) + NOT-FOR-US: VMware +CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...) + NOT-FOR-US: VMware +CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...) + - salt 3002.7+dfsg1-1 (unimportant; bug #994016) + NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ + NOTE: Windows-specific +CVE-2021-22003 (VMware Workspace ONE Access and Identity Manager, unintentionally prov ...) 
+ NOT-FOR-US: VMware +CVE-2021-22002 (VMware Workspace ONE Access and Identity Manager, allow the /cfg web a ...) + NOT-FOR-US: VMware +CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like relaying s ...) + NOT-FOR-US: CloudFoundry +CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...) + NOT-FOR-US: VMware +CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...) + NOT-FOR-US: VMware +CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...) + NOT-FOR-US: VMware +CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...) + NOT-FOR-US: VMware +CVE-2021-21996 (An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...) + {DSA-5011-1 DLA-2823-1} + - salt 3002.7+dfsg1-1 (bug #994016) + NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/ + NOTE: Fixed by https://github.com/saltstack/salt/commit/0b75ba190fda9c04cc026ad1aa4a6d572f40349b + NOTE: https://github.com/openSUSE/salt/commit/57ed9c41a177f57e3d56465662750617ac36cc95 +CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...) + NOT-FOR-US: VMware +CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...) + NOT-FOR-US: VMware +CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...) + NOT-FOR-US: VMware +CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...) + NOT-FOR-US: VMware +CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...) + NOT-FOR-US: VMware +CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...) + NOT-FOR-US: VMware +CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) 
+ NOT-FOR-US: VMware +CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) + NOT-FOR-US: VMware +CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...) + NOT-FOR-US: VMware +CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...) + NOT-FOR-US: VMware +CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...) + NOT-FOR-US: VMware +CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...) + NOT-FOR-US: VMware +CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...) + NOT-FOR-US: vRealize Operations Manager API (Vmware) +CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...) + NOT-FOR-US: VMware Carbon Black Cloud Workload appliance +CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...) + NOT-FOR-US: VMware +CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary ...) + NOT-FOR-US: VMware +CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...) + NOT-FOR-US: Bitnami Containers +CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...) + NOT-FOR-US: VMware View Planner +CVE-2021-21977 + RESERVED +CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...) + NOT-FOR-US: vSphere Replication +CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...) + NOT-FOR-US: vRealize Operations Manager API (Vmware) +CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...) + NOT-FOR-US: VMware + NOTE: Might affect src:openslp-dfsg, but removed years ago +CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...) 
+ NOT-FOR-US: VMware +CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...) + NOT-FOR-US: VMware +CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...) + NOT-FOR-US: MikroTik RouterOS +CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger execution of ...) + - rust-ripgrep <not-affected> (Only affects ripgrep on Windows) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html +CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...) + NOT-FOR-US: ESRI ArcGIS Online +CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...) + NOT-FOR-US: NXP +CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: OpenText Content Server +CVE-2021-3009 + RESERVED +CVE-2021-3008 + RESERVED +CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21967 + RESERVED +CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...) + NOT-FOR-US: Texas Instruments +CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...) 
+ NOT-FOR-US: Sealevel Systems +CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...) + NOT-FOR-US: Sealevel Systems +CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...) + NOT-FOR-US: Hancom Office 2020 +CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...) + NOT-FOR-US: Dream Report ODS Remote Connector +CVE-2021-21956 + RESERVED +CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...) + NOT-FOR-US: Anker Eufy Homebase 2 +CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...) + NOT-FOR-US: Anker Eufy Homebase 2 +CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21949 + RESERVED +CVE-2021-21948 + RESERVED +CVE-2021-21947 + RESERVED +CVE-2021-21946 + RESERVED +CVE-2021-21945 + RESERVED +CVE-2021-21944 + RESERVED +CVE-2021-21943 + RESERVED +CVE-2021-21942 + RESERVED +CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...) 
+ NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2021-21939 + RESERVED +CVE-2021-21938 + RESERVED +CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) 
+ NOT-FOR-US: Advantech +CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...) + NOT-FOR-US: Advantech +CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the ‘group_l ...) + NOT-FOR-US: Advantech +CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the ‘group_l ...) + NOT-FOR-US: Advantech +CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the ‘group_l ...) + NOT-FOR-US: Advantech +CVE-2021-21914 + RESERVED +CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...) + NOT-FOR-US: D-LINK +CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...) + NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet +CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of ...) + NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet +CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of ...) + NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet +CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...) 
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...) + NOT-FOR-US: Garrett Metal Detectors iC Module CMA +CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...) + {DSA-5077-1 DLA-2838-1} + - librecad 2.1.3-2 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351 + NOTE: librecad bundles libdxfrw + NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69 +CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...) + {DSA-5077-1 DLA-2838-1} + - librecad 2.1.3-2 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 + NOTE: librecad bundles libdxfrw + NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5 +CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...) 
+ {DSA-5077-1 DLA-2838-1} + - librecad 2.1.3-2 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349 + NOTE: librecad bundles libdxfrw + NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0 +CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...) + - dxflib 3.26.4-1 + [bullseye] - dxflib <no-dsa> (Minor issue) + [buster] - dxflib <no-dsa> (Minor issue) + [stretch] - dxflib <no-dsa> (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346 + NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8 + TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those +CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...) 
+ NOT-FOR-US: Lantronix PremierWave +CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...) + NOT-FOR-US: Lantronix PremierWave +CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...) + NOT-FOR-US: Lantronix +CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...) + NOT-FOR-US: Lantronix +CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...) + NOT-FOR-US: Lantronix +CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...) + NOT-FOR-US: Lantronix +CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...) 
+ NOT-FOR-US: Lantronix +CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...) + NOT-FOR-US: Lantronix +CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...) + NOT-FOR-US: PowerISO +CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...) + NOT-FOR-US: CODESYS +CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...) + NOT-FOR-US: CODESYS +CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...) + NOT-FOR-US: CODESYS +CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...) + NOT-FOR-US: CODESYS +CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...) + NOT-FOR-US: CODESYS +CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...) + NOT-FOR-US: CODESYS +CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...) + NOT-FOR-US: CODESYS +CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist within t ...) + - gpac <not-affected> (Vulnerable code not present) + NOTE: Introduced in https://github.com/gpac/gpac/commit/69ae9059fc + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 + NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 + NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 + NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298 + NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + - gpac <not-affected> (Vulnerable code not present) + NOTE: Introduced in https://github.com/gpac/gpac/commit/35c4644cb5 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299 + NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor <no-dsa> (Minor issue) + [buster] - ccextractor <no-dsa> (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + - gpac <not-affected> (Vulnerable code not present) + NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21850 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21849 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21848 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21842 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21841 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21840 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist within the ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist within the ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21836 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21835 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) + - gpac <not-affected> (Vulnerable code not present) + NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21834 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...) 
+ {DSA-4966-1} + - gpac 1.0.1+dfsg1-5 + [buster] - gpac <not-affected> (Vulnerable code not present) + [stretch] - gpac <not-affected> (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297 + NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351 + NOTE: https://github.com/gpac/gpac/issues/1814 +CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing functional ...) + NOT-FOR-US: Disc Soft Ltd Deamon Tools Pro +CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21828 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: AT&T Labs Xmill +CVE-2021-21827 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: AT&T Labs Xmill +CVE-2021-21826 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: AT&T Labs Xmill +CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...) + NOT-FOR-US: AT&T Labs Xmill +CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21823 (An information disclosure vulnerability exists in the Friend finder fu ...) + NOT-FOR-US: GmbH Komoot +CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...) 
+ NOT-FOR-US: Accusoft ImageGear +CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test Environm ...) + NOT-FOR-US: D-LINK +CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test Environment f ...) + NOT-FOR-US: D-LINK +CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP Routing Man ...) + NOT-FOR-US: D-LINK +CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP Routing ...) + NOT-FOR-US: D-LINK +CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...) + NOT-FOR-US: D-LINK +CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing CreateLabe ...) + NOT-FOR-US: Xmill (AT&T Labs) +CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...) + NOT-FOR-US: AT&T Labs Xmill +CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...) + NOT-FOR-US: Moodle plugin +CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...) 
+ {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214 +CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, which i ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, which i ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php script ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...) + NOT-FOR-US: Nitro Pro PDF +CVE-2021-21797 (An exploitable double-free vulnerability exists in the JavaScript impl ...) + NOT-FOR-US: Nitro Pro PDF +CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the JavaScript i ...) + NOT-FOR-US: Nitro Pro PDF +CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21792 (An information disclosure vulnerability exists in the the way IOBit Ad ...) 
+ NOT-FOR-US: IOBit +CVE-2021-21791 (An information disclosure vulnerability exists in the the way IOBit Ad ...) + NOT-FOR-US: IOBit +CVE-2021-21790 (An information disclosure vulnerability exists in the the way IOBit Ad ...) + NOT-FOR-US: IOBit +CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + NOT-FOR-US: IOBit +CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + NOT-FOR-US: IOBit +CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced ...) + NOT-FOR-US: IOBit +CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...) + NOT-FOR-US: IOBit +CVE-2021-21785 (An information disclosure vulnerability exists in the IOCTL 0x9c40a148 ...) + NOT-FOR-US: IOBit +CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...) + - gsoap <unfixed> (unimportant) + NOTE: Mis-assignment/report, see #987273. Should be rejected + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 +CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...) + NOT-FOR-US: ImageGear +CVE-2021-21781 (An information disclosure vulnerability exists in the ARM SIGPAGE func ...) + {DLA-2713-1} + - linux 5.10.19-1 + [buster] - linux 4.19.177-1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243 + NOTE: https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e +CVE-2021-21780 + RESERVED +CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...) 
+ {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [bullseye] - webkit2gtk <postponed> (Fix along with next update round) + [buster] - webkit2gtk <postponed> (Fix along with next update round) + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238 +CVE-2021-21778 (A denial of service vulnerability exists in the ASDU message processin ...) + NOT-FOR-US: MZ Automation GmbH lib60870.NET +CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...) + NOT-FOR-US: ImageGear +CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...) + {DSA-4945-1} + - webkit2gtk 2.32.3-1 + [bullseye] - webkit2gtk <postponed> (Fix along with next update round) + [buster] - webkit2gtk <postponed> (Fix along with next update round) + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 +CVE-2021-21774 + REJECTED +CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...) + NOT-FOR-US: ImageGear +CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...) 
+ {DSA-4887-1} + - lib3mf 1.8.1+ds-4 (bug #985092) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226 +CVE-2021-21771 + RESERVED +CVE-2021-21770 + RESERVED +CVE-2021-21769 + RESERVED +CVE-2021-21768 + RESERVED +CVE-2021-21767 + RESERVED +CVE-2021-21766 + RESERVED +CVE-2021-21765 + RESERVED +CVE-2021-21764 + RESERVED +CVE-2021-21763 + RESERVED +CVE-2021-21762 + RESERVED +CVE-2021-21761 + RESERVED +CVE-2021-21760 + RESERVED +CVE-2021-21759 + RESERVED +CVE-2021-21758 + RESERVED +CVE-2021-21757 + RESERVED +CVE-2021-21756 + RESERVED +CVE-2021-21755 + RESERVED +CVE-2021-21754 + RESERVED +CVE-2021-21753 + RESERVED +CVE-2021-21752 + RESERVED +CVE-2021-21751 (ZTE BigVideo analysis product has an input verification vulnerability. ...) + NOT-FOR-US: ZTE +CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation vulnerability ...) + NOT-FOR-US: ZTE +CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...) + NOT-FOR-US: ZTE +CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...) + NOT-FOR-US: ZTE +CVE-2021-21747 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...) + NOT-FOR-US: ZTE +CVE-2021-21746 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...) + NOT-FOR-US: ZTE +CVE-2021-21745 (ZTE MF971R product has a Referer authentication bypass vulnerability. ...) + NOT-FOR-US: ZTE +CVE-2021-21744 (ZTE MF971R product has a configuration file control vulnerability. An ...) + NOT-FOR-US: ZTE +CVE-2021-21743 (ZTE MF971R product has a CRLF injection vulnerability. An attacker cou ...) + NOT-FOR-US: ZTE +CVE-2021-21742 (There is an information leak vulnerability in the message service app ...) + NOT-FOR-US: ZTE +CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...) + NOT-FOR-US: ZTE +CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...) 
+ NOT-FOR-US: ZTE +CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...) + NOT-FOR-US: ZTE +CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...) + NOT-FOR-US: ZTE +CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...) + NOT-FOR-US: ZTE +CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...) + NOT-FOR-US: ZTE +CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...) + NOT-FOR-US: ZTE +CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...) + NOT-FOR-US: ZTE +CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...) + NOT-FOR-US: ZXCDN +CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...) + NOT-FOR-US: ZTE +CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...) + NOT-FOR-US: ZTE +CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...) + NOT-FOR-US: ZTE +CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...) + NOT-FOR-US: ZTE +CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...) + NOT-FOR-US: ZTE +CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...) + NOT-FOR-US: ZTE +CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...) + NOT-FOR-US: ZTE +CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) + NOT-FOR-US: ZTE +CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...) + NOT-FOR-US: ZTE +CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...) + NOT-FOR-US: ZTE +CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...) 
+ NOT-FOR-US: ZTE +CVE-2021-21721 + RESERVED +CVE-2021-21720 + RESERVED +CVE-2021-21719 + RESERVED +CVE-2021-21718 + RESERVED +CVE-2021-21717 + RESERVED +CVE-2021-21716 + RESERVED +CVE-2021-21715 + RESERVED +CVE-2021-21714 + RESERVED +CVE-2021-21713 + RESERVED +CVE-2021-21712 + RESERVED +CVE-2021-21711 + RESERVED +CVE-2021-21710 + RESERVED +CVE-2021-21709 + RESERVED +CVE-2021-21708 + RESERVED + {DSA-5082-1} + - php8.1 <unfixed> + - php7.4 <removed> + - php7.3 <removed> + - php7.0 <removed> + NOTE: Fixed in 8.1.3, 7.4.28 + NOTE: PHP Bug: https://bugs.php.net/81708 +CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...) + {DSA-5082-1} + - php8.1 8.1.0-1 + - php8.0 <removed> + - php7.4 7.4.26-1 + - php7.3 <removed> + [buster] - php7.3 <no-dsa> (Minor issue, fix along with next DSA) + - php7.0 <removed> + [stretch] - php7.0 <no-dsa> (Minor issue, fix along with next DLA) + NOTE: Fixed in 8.1.0, 8.0.13, 7.4.26, 7.3.33 + NOTE: PHP Bug: https://bugs.php.net/79971 + NOTE: https://github.com/php/php-src/commit/f15f8fc573eb38c3c73e23e0930063a6f6409ed4 +CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...) + - php8.0 <not-affected> (Windows specific issue) + - php7.4 <not-affected> (Windows specific issue) + - php7.3 <not-affected> (Windows specific issue) + - php7.0 <not-affected> (Windows specific issue) + NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31 + NOTE: PHP Bug: https://bugs.php.net/81420 +CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...) + {DSA-4935-1 DLA-2708-1} + - php8.0 8.0.8-1 (bug #990575) + - php7.4 7.4.21-1+deb11u1 + - php7.3 <removed> + - php7.0 <removed> + NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29 + NOTE: PHP Bug: https://bugs.php.net/81122 +CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...) 
+ {DSA-4935-1 DLA-2708-1} + - php8.0 8.0.8-1 (bug #990575) + - php7.4 7.4.21-1+deb11u1 + - php7.3 <removed> + - php7.0 <removed> + NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29 + NOTE: PHP Bug: https://bugs.php.net/76448 + NOTE: PHP Bug: https://bugs.php.net/76449 + NOTE: PHP Bug: https://bugs.php.net/76450 + NOTE: PHP Bug: https://bugs.php.net/76452 +CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...) + {DSA-4993-1 DSA-4992-1 DLA-2794-1} + - php8.0 <removed> + - php7.4 7.4.26-1 (bug #997003) + - php7.3 <removed> + - php7.0 <removed> + NOTE: Fixed in 8.0.12, 7.4.25 + NOTE: PHP Bug: http://bugs.php.net/81026 + NOTE: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b + NOTE: https://www.ambionics.io/blog/php-fpm-local-root + NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/7 +CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...) + {DSA-4856-1 DLA-2708-1} + - php8.0 8.0.2-1 + - php7.4 7.4.15-1 + - php7.3 <removed> + - php7.0 <removed> + NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27 + NOTE: PHP Bug: https://bugs.php.net/80672 +CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21697 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to ...) + - jenkins <removed> +CVE-2021-21696 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agen ...) + - jenkins <removed> +CVE-2021-21695 (FilePath#listFiles lists files outside directories that agents are all ...) 
+ - jenkins <removed> +CVE-2021-21694 (FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isD ...) + - jenkins <removed> +CVE-2021-21693 (When creating temporary files, agent-to-controller access to create th ...) + - jenkins <removed> +CVE-2021-21692 (FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and ...) + - jenkins <removed> +CVE-2021-21691 (Creating symbolic links is possible without the 'symlink' agent-to-con ...) + - jenkins <removed> +CVE-2021-21690 (Agent processes are able to completely bypass file path filtering by w ...) + - jenkins <removed> +CVE-2021-21689 (FilePath#unzip and FilePath#untar were not subject to any agent-to-con ...) + - jenkins <removed> +CVE-2021-21688 (The agent-to-controller security check FilePath#reading(FileVisitor) i ...) + - jenkins <removed> +CVE-2021-21687 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...) + - jenkins <removed> +CVE-2021-21686 (File path filters in the agent-to-controller security subsystem of Jen ...) + - jenkins <removed> +CVE-2021-21685 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...) + - jenkins <removed> +CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 che ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21683 (The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier ...) + - jenkins <removed> +CVE-2021-21682 (Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jo ...) + - jenkins <removed> +CVE-2021-21681 (Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencry ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21680 (Jenkins Nested View Plugin 1.20 and earlier does not configure its XML ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21679 (Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21678 (Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs t ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2021-21677 (Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenk ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21676 (Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a pe ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21675 (A cross-site request forgery (CSRF) vulnerability in Jenkins requests- ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21674 (A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21673 (Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redi ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21672 (Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21671 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate ...) + - jenkins <removed> +CVE-2021-21670 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to can ...) + - jenkins <removed> +CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...) + NOT-FOR-US: Jenkins Generic Webhook Trigger Plugin +CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21654 (Jenkins P4 Plugin 1.11.4 and earlier does not perform permission check ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21653 (Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21652 (A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Te ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21651 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a perm ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21650 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Ar ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21649 (Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs re ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21648 (Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-con ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a perm ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not protect its ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins Config Fi ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not correct ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not configu ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...) + - jenkins <removed> +CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate t ...) + - jenkins <removed> +CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foun ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21637 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21636 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21635 (Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21634 (Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier sto ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21633 (A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dep ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21632 (A missing permission check in Jenkins OWASP Dependency-Track Plugin 3. ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21631 (Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a pe ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21630 (Jenkins Extra Columns Plugin 1.22 and earlier does not escape paramete ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2021-21629 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Wit ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21628 (Jenkins Build With Parameters Plugin 1.5 and earlier does not escape p ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt A ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not per ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not per ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21624 (An incorrect permission check in Jenkins Role-based Authorization Stra ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization Strategy ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21620 (A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21619 (Jenkins Claim Plugin 2.18.1 and earlier does not escape the user displ ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21618 (Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Configura ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...) + - jenkins <removed> +CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS servic ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credenti ...) + NOT-FOR-US: Jenkins plugin +CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...) + - jenkins <removed> +CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...) + - jenkins <removed> +CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...) + - jenkins <removed> +CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...) + - jenkins <removed> +CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...) + - jenkins <removed> +CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validate ...) + - jenkins <removed> +CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...) + - jenkins <removed> +CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...) + - jenkins <removed> +CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...) + - jenkins <removed> +CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...) + - jenkins <removed> +CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...) + NOT-FOR-US: EMC +CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...) + NOT-FOR-US: EMC +CVE-2021-21599 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS comma ...) + NOT-FOR-US: EMC +CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...) + NOT-FOR-US: Dell Wyse ThinOS +CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...) 
+ NOT-FOR-US: Dell Wyse ThinOS +CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...) + NOT-FOR-US: Dell OpenManage Enterprise +CVE-2021-21595 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper ...) + NOT-FOR-US: EMC +CVE-2021-21594 (Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get re ...) + NOT-FOR-US: Dell +CVE-2021-21593 + RESERVED +CVE-2021-21592 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an ...) + NOT-FOR-US: EMC +CVE-2021-21591 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) + NOT-FOR-US: EMC +CVE-2021-21590 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) + NOT-FOR-US: EMC +CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...) + NOT-FOR-US: EMC +CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...) + NOT-FOR-US: EMC +CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...) + NOT-FOR-US: Dell +CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...) + NOT-FOR-US: Dell +CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...) + NOT-FOR-US: Dell OpenManage Enterprise +CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...) + NOT-FOR-US: Dell OpenManage Enterprise +CVE-2021-21583 + RESERVED +CVE-2021-21582 + RESERVED +CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scri ...) + NOT-FOR-US: EMC +CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 ver ...) + NOT-FOR-US: EMC +CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...) + NOT-FOR-US: EMC +CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...) 
+ NOT-FOR-US: EMC +CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...) + NOT-FOR-US: EMC +CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...) + NOT-FOR-US: EMC +CVE-2021-21575 + RESERVED +CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) + NOT-FOR-US: Dell +CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) + NOT-FOR-US: Dell +CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...) + NOT-FOR-US: Dell +CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...) + NOT-FOR-US: Dell +CVE-2021-21570 (Dell NetWorker, versions 18.x and 19.x contain an Information disclosu ...) + NOT-FOR-US: Dell +CVE-2021-21569 (Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulner ...) + NOT-FOR-US: Dell +CVE-2021-21568 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficie ...) + NOT-FOR-US: EMC +CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...) + NOT-FOR-US: Dell +CVE-2021-21566 + RESERVED +CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...) + NOT-FOR-US: Dell +CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...) + NOT-FOR-US: Dell +CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...) + NOT-FOR-US: EMC +CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...) + NOT-FOR-US: EMC +CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive information e ...) + NOT-FOR-US: Dell +CVE-2021-21560 + RESERVED +CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...) + NOT-FOR-US: EMC +CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...) 
+ NOT-FOR-US: EMC +CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...) + NOT-FOR-US: Dell +CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + NOT-FOR-US: Dell +CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + NOT-FOR-US: Dell +CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...) + NOT-FOR-US: Dell +CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...) + NOT-FOR-US: Dell +CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...) + NOT-FOR-US: Dell +CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...) + NOT-FOR-US: Dell +CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralizati ...) + NOT-FOR-US: EMC +CVE-2021-21549 (Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Reque ...) + NOT-FOR-US: EMC +CVE-2021-21548 + RESERVED +CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...) + NOT-FOR-US: EMC +CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...) + NOT-FOR-US: EMC +CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...) + NOT-FOR-US: Dell +CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...) + NOT-FOR-US: EMC +CVE-2021-21543 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored c ...) + NOT-FOR-US: EMC +CVE-2021-21542 (Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored c ...) + NOT-FOR-US: EMC +CVE-2021-21541 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross ...) + NOT-FOR-US: EMC +CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based ove ...) 
+ NOT-FOR-US: EMC +CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...) + NOT-FOR-US: EMC +CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...) + NOT-FOR-US: EMC +CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) + NOT-FOR-US: Dell Hybrid Client +CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) + NOT-FOR-US: Dell Hybrid Client +CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing authenticat ...) + NOT-FOR-US: Dell Hybrid Client +CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...) + NOT-FOR-US: Dell Hybrid Client +CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a vulnerability wher ...) + NOT-FOR-US: Wyse Management Suite +CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper manageme ...) + NOT-FOR-US: Dell Wyse ThinOS +CVE-2021-21531 (Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Autho ...) + NOT-FOR-US: Dell +CVE-2021-21530 (Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 c ...) + NOT-FOR-US: Dell +CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a denial of ...) + NOT-FOR-US: Dell System Update (DSU) +CVE-2021-21528 (Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an ...) + NOT-FOR-US: EMC +CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...) + NOT-FOR-US: Dell +CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2021-21525 + RESERVED +CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...) + NOT-FOR-US: Dell +CVE-2021-21523 + RESERVED +CVE-2021-21522 (Dell BIOS contains a Credentials Management issue. A local authenticat ...) 
+ NOT-FOR-US: Dell +CVE-2021-21521 + RESERVED +CVE-2021-21520 + RESERVED +CVE-2021-21519 + RESERVED +CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...) + NOT-FOR-US: Dell SupportAssist Client for Consumer PCs +CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...) + NOT-FOR-US: SRS Policy Manager +CVE-2021-21516 + RESERVED +CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...) + NOT-FOR-US: EMC +CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior ...) + NOT-FOR-US: EMC +CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft ...) + NOT-FOR-US: EMC +CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...) + NOT-FOR-US: EMC +CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...) + NOT-FOR-US: EMC Avamar Server +CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header inject ...) + NOT-FOR-US: Dell iDRAC8 +CVE-2021-21509 + RESERVED +CVE-2021-21508 + RESERVED +CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...) + NOT-FOR-US: EMC +CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...) + NOT-FOR-US: PowerScale OneFS +CVE-2021-21505 (Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 190 ...) + NOT-FOR-US: EMC +CVE-2021-21504 + RESERVED +CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...) + NOT-FOR-US: PowerScale OneFS +CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of S ...) + NOT-FOR-US: Dell +CVE-2021-21501 (Improper configuration will cause ServiceComb ServiceCenter Directory ...) 
+ NOT-FOR-US: Apache ServiceComb +CVE-2021-21500 + RESERVED +CVE-2021-21499 + RESERVED +CVE-2021-21498 + RESERVED +CVE-2021-21497 + RESERVED +CVE-2021-21496 + RESERVED +CVE-2021-3007 (** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Fr ...) + NOT-FOR-US: laminas-http +CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the ce ...) + NOT-FOR-US: MK-AUTH +CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...) + NOT-FOR-US: MK-AUTH +CVE-2021-3006 (The breed function in the smart contract implementation for Farm in Se ...) + NOT-FOR-US: Farm in Seal Finance (Seal) Ethereum token +CVE-2021-3005 (MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive ...) + NOT-FOR-US: MK-AUTH +CVE-2021-3004 (The _deposit function in the smart contract implementation for Stable ...) + NOT-FOR-US: Stable Yield Credit (yCREDIT) Ethereum token +CVE-2021-3003 (Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenzi ...) + NOT-FOR-US: Agenzia delle Entrate Desktop Telematico +CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?se ...) + NOT-FOR-US: Seo Panel +CVE-2021-3001 + RESERVED +CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...) + NOT-FOR-US: SAP +CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, ...) + NOT-FOR-US: SAP +CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...) + NOT-FOR-US: SAP +CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...) + NOT-FOR-US: SAP +CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.3 ...) + NOT-FOR-US: SAP +CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...) + NOT-FOR-US: Knowledge Management +CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...) 
+ NOT-FOR-US: SAP +CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...) + NOT-FOR-US: SAP +CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...) + NOT-FOR-US: SAP +CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...) + NOT-FOR-US: SAP +CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...) + NOT-FOR-US: SAP +CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows ...) + NOT-FOR-US: SAP +CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...) + NOT-FOR-US: SAP +CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...) + NOT-FOR-US: SAP +CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...) + NOT-FOR-US: SAP +CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...) + NOT-FOR-US: SAP +CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...) + NOT-FOR-US: SAP +CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...) + NOT-FOR-US: SAP +CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...) + NOT-FOR-US: SAP +CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...) + NOT-FOR-US: SAP +CVE-2021-21473 (SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711 ...) + NOT-FOR-US: SAP +CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...) + NOT-FOR-US: SAP +CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...) + NOT-FOR-US: CLA-Assistant +CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...) 
+ NOT-FOR-US: SAP +CVE-2021-21469 (When security guidelines for SAP NetWeaver Master Data Management runn ...) + NOT-FOR-US: SAP +CVE-2021-21468 (The BW Database Interface does not perform necessary authorization che ...) + NOT-FOR-US: SAP +CVE-2021-21467 (SAP Banking Services (Generic Market Data) does not perform necessary ...) + NOT-FOR-US: SAP +CVE-2021-21466 (SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 75 ...) + NOT-FOR-US: SAP +CVE-2021-21465 (The BW Database Interface allows an attacker with low privileges to ex ...) + NOT-FOR-US: SAP +CVE-2021-21464 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21463 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21462 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21461 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21460 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21459 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21458 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21457 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21456 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21455 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21454 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21453 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21452 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
+ NOT-FOR-US: SAP +CVE-2021-21451 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21450 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21449 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-21448 (SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon ...) + NOT-FOR-US: SAP +CVE-2021-21447 (SAP BusinessObjects Business Intelligence platform, versions 410, 420, ...) + NOT-FOR-US: SAP +CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, all ...) + NOT-FOR-US: SAP +CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...) + NOT-FOR-US: SAP +CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...) + NOT-FOR-US: SAP +CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...) + - otrs2 6.0.32-6 (bug #991593) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/ + NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072 + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) +CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...) + NOT-FOR-US: OTRS TimeAccounting module +CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...) 
+ - otrs2 6.0.32-5 (bug #989992) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye + NOTE: src:otrs2 is the znuny fork) +CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...) + - otrs2 6.0.32-6 (bug #991593) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/ + NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934 + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork) +CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...) + - otrs2 6.0.32-5 (bug #989992) + [buster] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <no-dsa> (Non-free not supported) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/ + NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye + NOTE: src:otrs2 is the znuny fork) +CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...) + NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary) +CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...) + NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) +CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...) + NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon) +CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...) 
+ - otrs2 <not-affected> (Doesn't affect OTRS as packaged in Debian, see bug #982586) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/ +CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...) + NOT-FOR-US: OTRS Survey addon +CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...) + NOT-FOR-US: Discord Recon Server +CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) + NOT-FOR-US: Vela +CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...) + NOT-FOR-US: sopel-channelmgnt +CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries (SDK gener ...) + NOT-FOR-US: OpenAPI Generator +CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...) + NOT-FOR-US: OpenAPI Generator +CVE-2021-21428 (Openapi generator is a java tool which allows generation of API client ...) + NOT-FOR-US: OpenAPI Generator +CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...) + NOT-FOR-US: Magento LTS (alternative to Magento Community Edition) +CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...) + NOT-FOR-US: Magento LTS (alternative to Magento Community Edition) +CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...) + NOT-FOR-US: Grav Admin Plugin +CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...) + - symfony 4.4.19+dfsg-2 + [buster] - symfony <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - symfony <postponed> (Minor issue) + NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms + NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f +CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...) 
+ NOT-FOR-US: projen +CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...) + NOT-FOR-US: mongo-express +CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...) + NOT-FOR-US: node-etsy-client +CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...) + NOT-FOR-US: vscode-stripe Visual Studio Code extension +CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...) + - python-eventlet 0.26.1-7 (bug #988342) + [buster] - python-eventlet <no-dsa> (Minor issue) + [stretch] - python-eventlet <no-dsa> (Minor issue) + NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 + NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07 + NOTE: Issue present as well in versions before introduction of per-message-defalte extension + NOTE: or compression extension support. + NOTE: Patch for 0.20 by SuSE: https://bugzilla.suse.com/attachment.cgi?id=849402&action=diff +CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...) + NOT-FOR-US: PrestaShop +CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...) + {DLA-2697-1} + - fluidsynth 2.1.7-1.1 + [buster] - fluidsynth 1.1.11-1+deb10u1 + NOTE: https://github.com/FluidSynth/fluidsynth/issues/808 + NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9 +CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...) 
+ - python-django-registration <unfixed> (bug #987366) + [stretch] - python-django-registration <no-dsa> (Minor issue) + NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh + NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c +CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...) + NOT-FOR-US: Prisma VS Code a VSCode extension +CVE-2021-21414 (Prisma is an open source ORM for Node.js & TypeScript. As of today ...) + NOT-FOR-US: Prisma +CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) + NOT-FOR-US: Node isolated-vm +CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...) + NOT-FOR-US: Node @thi.ng/egf +CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...) + - oauth2-proxy <itp> (bug #982891) +CVE-2021-21410 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...) + {DSA-4885-1} + - netty 1:4.1.48-4 (bug #986217) + [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module) + NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432 + NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 + NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj +CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...) + - smarty3 <unfixed> + NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m + NOTE: https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36 (3.1.43) +CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...) 
+ NOT-FOR-US: Combodo iTop +CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...) + NOT-FOR-US: Combodo iTop +CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...) + NOT-FOR-US: Lotus +CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...) + - syncthing 1.12.1~ds1-3 (bug #986593) + [buster] - syncthing <no-dsa> (Minor issue) + [stretch] - syncthing <postponed> (Minor issue; can be fixed in next update) + NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h + NOTE: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97 +CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...) + NOT-FOR-US: kongchuanhujiao +CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...) + NOT-FOR-US: Jellyfin +CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...) + - nanopb 0.4.4-2 (bug #985844) + NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88 + NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261 +CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...) + NOT-FOR-US: wire-webapp +CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...) + - ampache <removed> +CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) + NOT-FOR-US: PrestaShop +CVE-2021-21397 + RESERVED +CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...) + NOT-FOR-US: wire-server +CVE-2021-21395 + RESERVED +CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) 
+ - matrix-synapse 1.28.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 +CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) + - matrix-synapse 1.28.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 +CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) + - matrix-synapse 1.28.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 +CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...) + - ckeditor <unfixed> + [bullseye] - ckeditor <no-dsa> (Minor issue) + [buster] - ckeditor <no-dsa> (Minor issue) + [stretch] - ckeditor <not-affected> (Introduced in ckeditor5 rewrite) + NOTE: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj +CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...) + NOT-FOR-US: MinIO +CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...) + NOT-FOR-US: BuddyPress WordPress plugin +CVE-2021-21388 (systeminformation is an open source system and OS information library ...) + NOT-FOR-US: Node systeminformation +CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...) + NOT-FOR-US: Wrongthink +CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...) + NOT-FOR-US: APKLeaks +CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android Application ...) + NOT-FOR-US: Mifos-Mobile Android Application +CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape ...) + NOT-FOR-US: shescape +CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...) + NOT-FOR-US: Wiki.js +CVE-2021-21382 (Restund is an open source NAT traversal server. The restund TURN serve ...) 
+ - restund <itp> (bug #804846) +CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...) + - envoyproxy <itp> (bug #987544) +CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...) + NOT-FOR-US: OMERO.web +CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...) + NOT-FOR-US: OMERO.web +CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...) + {DLA-2665-1 DLA-2636-1} + - pjproject <removed> + - ring 20210112.2.b757bac~ds1-1 (bug #986815) + [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1 + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp + NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 +CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...) + - nim 1.4.6+really1.4.2-1 (bug #987272) + [buster] - nim <no-dsa> (Minor issue) + [stretch] - nim <postponed> (Minor issue; can be fixed in next update) + NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze +CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...) 
+ - nim 1.4.6+really1.4.2-1 (bug #987272) + [buster] - nim <no-dsa> (Minor issue) + [stretch] - nim <postponed> (Minor issue; can be fixed in next update) + NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze +CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...) + - nim 1.4.6+really1.4.2-1 (bug #987272) + [buster] - nim <no-dsa> (Minor issue) + [stretch] - nim <postponed> (Minor issue; can be fixed in next update) + NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ + NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze +CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...) + NOT-FOR-US: Tenable for Jira Cloud +CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...) + NOT-FOR-US: Hyperledger Besu +CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...) + NOT-FOR-US: Node msgpack5 +CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...) + NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS +CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...) + - node-xmldom 0.5.0-1 + [buster] - node-xmldom <no-dsa> (Minor issue) + NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv + NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135 +CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...) + NOT-FOR-US: Typo3 theme +CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...) 
+ - swagger-codegen <itp> (bug #950318) +CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...) + - swagger-codegen <itp> (bug #950318) +CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...) + NOT-FOR-US: MinIO +CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...) + NOT-FOR-US: gradle-vagrant-plugin +CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...) + NOT-FOR-US: Products.GenericSetup +CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21356 + RESERVED +CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...) + NOT-FOR-US: Pollbot +CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...) + NOT-FOR-US: Node pug +CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2021-21351 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c +CVE-2021-21350 (XStream is a Java library to serialize objects to XML and back again. ...) 
+ {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq +CVE-2021-21349 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv +CVE-2021-21348 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq +CVE-2021-21347 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f +CVE-2021-21346 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr +CVE-2021-21345 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4 +CVE-2021-21344 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3 +CVE-2021-21343 (XStream is a Java library to serialize objects to XML and back again. ...) 
+ {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf +CVE-2021-21342 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m +CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back again. ...) + {DLA-2616-1} + - libxstream-java 1.4.15-2 (bug #985843) + [buster] - libxstream-java 1.4.11.1-1+deb10u3 + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh +CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...) + NOT-FOR-US: TYPO3 +CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...) + NOT-FOR-US: Products.PluggableAuthService +CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...) + NOT-FOR-US: Products.PluggableAuthService +CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...) + NOT-FOR-US: Nginx addon for SPNEGO auth +CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...) + - containerd 1.4.4~ds1-1 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 +CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) 
+ - matrix-synapse 1.27.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm +CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) + - matrix-synapse 1.27.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899 +CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a ...) + NOT-FOR-US: Java client for Datadog API +CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + {DSA-4864-1} + - python-aiohttp 3.7.4-1 + [stretch] - python-aiohttp <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/aio-libs/aiohttp/issues/5497 + NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg + NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 + NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b +CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...) + NOT-FOR-US: RATCF +CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...) + NOT-FOR-US: Vapor +CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw7-w2m4-rjwp +CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh +CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf +CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...) 
+ - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-jvwm-gq36-3v7v +CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...) + - brave-browser <itp> (bug #864795) +CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...) + NOT-FOR-US: fastify-http-proxy +CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin to forw ...) + NOT-FOR-US: Node fastify-reply-from +CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...) + NOT-FOR-US: Node matrix-react-sdk +CVE-2021-21319 (Galette is a membership management web application geared towards non ...) + - galette <removed> +CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...) + NOT-FOR-US: Opencast +CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...) + NOT-FOR-US: Node uap-core +CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...) + NOT-FOR-US: less-openui5 npm package +CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...) + NOT-FOR-US: Node systeminformation +CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg +CVE-2021-21313 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-h4hj-mrpg-xfgx +CVE-2021-21312 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2 +CVE-2021-21311 (Adminer is an open-source database management in a single PHP file. In ...) 
+ {DLA-2580-1} + - adminer 4.7.9-1 + [buster] - adminer <no-dsa> (Minor issue) + NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 + NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9) +CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solution for ...) + NOT-FOR-US: NextAuth.js +CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...) + {DLA-2576-1} + - redis 5:6.0.11-1 (bug #983446) + [buster] - redis 5:5.0.3-4+deb10u3 + NOTE: https://github.com/redis/redis/pull/8522 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf +CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) + NOT-FOR-US: PrestaShop +CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...) + NOT-FOR-US: Lucee Server +CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...) + - node-marked <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96 + NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd +CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) + - ruby-carrierwave <unfixed> (bug #982551) + [buster] - ruby-carrierwave <no-dsa> (Minor issue) + [stretch] - ruby-carrierwave <ignored> (No reverse dependencies) + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7 +CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...) + NOT-FOR-US: Dynamoose +CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...) 
+ - helm-kubernetes <itp> (bug #910799) +CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) + NOT-FOR-US: PrestaShop +CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...) + NOT-FOR-US: Wire +CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...) + - git 1:2.30.2-1 (bug #985120) + [buster] - git <no-dsa> (Minor issue) + [stretch] - git <no-dsa> (Minor issue) + NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/ + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?h=v2.30.2&id=684dd4c2b414bcf648505e74498a608f28de4592 +CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...) + NOT-FOR-US: Node-Red +CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...) + NOT-FOR-US: Node-Red +CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...) + NOT-FOR-US: Fleet +CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network application ...) + {DSA-4885-1} + - netty 1:4.1.48-3 (bug #984948) + [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj + NOTE: https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4 +CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...) + NOT-FOR-US: Http4s +CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...) + NOT-FOR-US: blaez +CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...) + NOT-FOR-US: Traccar +CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...) + - oauth2-proxy <itp> (bug #982891) +CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...) 
+ {DSA-4885-1 DLA-2555-1} + - netty 1:4.1.48-2 (bug #982580) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2 + NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec +CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...) + {DLA-2561-1} + - ruby-mechanize 2.7.7-1 + [buster] - ruby-mechanize 2.7.6-1+deb10u1 + NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g + NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7) + NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7) + NOTE: https://github.com/sparklemotion/mechanize/commit/f43a3952ab39341136656b0a8b2c8597ba1b4adc (v2.7.7) + NOTE: https://github.com/sparklemotion/mechanize/commit/b48b12f5db33c5a94a14dfcab8adf3e73cfa0388 (v2.7.7) + NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7) + NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7) +CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...) + - ruby-carrierwave 1.3.2-1 (bug #982552) + [buster] - ruby-carrierwave <no-dsa> (Minor issue) + [stretch] - ruby-carrierwave <ignored> (No reverse dependencies) + NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5 + NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0 +CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...) + - minio <itp> (bug #859207) +CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...) + NOT-FOR-US: AVideo Platform +CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...) 
+ {DSA-4865-1} + - docker.io 20.10.3+dfsg1-1 + NOTE: https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8 + NOTE: https://github.com/moby/moby/commit/420b1d36250f9cfdc561f086f25a213ecb669b6f (v19.03) +CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...) + {DSA-4865-1} + - docker.io 20.10.3+dfsg1-1 + NOTE: https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc + NOTE: https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae (v19.03) + NOTE: https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3 (v19.03) + NOTE: https://github.com/moby/moby/commit/67de83e70bca92ae6a08e28a03b3fc8fcca9f3f1 (v19.03) +CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...) + NOT-FOR-US: Flarum +CVE-2021-21282 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21281 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21280 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21279 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...) + NOT-FOR-US: RSSHub +CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a standalon ...) + NOT-FOR-US: angular-expressions +CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3.0, a ...) + NOT-FOR-US: Polr +CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...) + NOT-FOR-US: MediaWiki Report extention +CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) 
+ - matrix-synapse 1.25.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 + NOTE: https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 +CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...) + - matrix-synapse 1.25.0-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p + NOTE: https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 +CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...) + NOT-FOR-US: ORAS +CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...) + NOT-FOR-US: Tendermint +CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...) + NOT-FOR-US: OctopusDSC +CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...) + NOT-FOR-US: Keymaker +CVE-2021-21268 + RESERVED +CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and validate JS ob ...) + NOT-FOR-US: Node schema-inspector +CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...) + NOT-FOR-US: openHAB +CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the ...) + NOT-FOR-US: October CMS +CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based on the ...) + NOT-FOR-US: October CMS +CVE-2021-21262 + RESERVED +CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...) + NOT-FOR-US: Online Invoicing System (OIS) +CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...) + NOT-FOR-US: HedgeDoc +CVE-2021-21258 (GLPI is an open-source asset and IT management software package that p ...) 
+ - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx + NOTE: https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15 +CVE-2021-21257 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2021-21256 + RESERVED +CVE-2021-21255 (GLPI is an open-source asset and IT management software package that p ...) + - glpi <removed> + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j + NOTE: https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc +CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...) + NOT-FOR-US: CKEditor 5 Markdown plugin +CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...) + NOT-FOR-US: OnlineVotingSystem +CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...) + - civicrm <unfixed> (bug #980892) + [bullseye] - civicrm <no-dsa> (Minor issue) + - otrs2 6.0.32-4 (bug #980891) + [buster] - otrs2 <ignored> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) + - phpmyadmin 4:5.0.4+dfsg2-2 + [stretch] - phpmyadmin <no-dsa> (Minor issue; barely an issue in the phpmyadmin package) + NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm + NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171 +CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21249 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) 
+ NOT-FOR-US: OneDev +CVE-2021-21248 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21247 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21246 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21245 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21244 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21243 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21242 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...) + NOT-FOR-US: OneDev +CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding security fe ...) + - flask-security 4.0.0-1 (bug #980189) + [buster] - flask-security <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv + NOTE: https://github.com/Flask-Middleware/flask-security/issues/421 + NOTE: https://github.com/Flask-Middleware/flask-security/pull/422 + NOTE: https://github.com/Flask-Middleware/flask-security/commit/c05afe837e83f20f59c0fb409ce1240341d1ec41 (master) + NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5) +CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In httplib ...) 
+ - python-httplib2 0.20.2-1 (bug #982738) + [bullseye] - python-httplib2 <no-dsa> (Minor issue) + [buster] - python-httplib2 <no-dsa> (Minor issue) + [stretch] - python-httplib2 <no-dsa> (Minor issue) + NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m + NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0) + NOTE: https://github.com/httplib2/httplib2/pull/182 +CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...) + {DLA-2577-1} + - python-pysaml2 6.5.1-1 (bug #980772) + NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 + NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737 +CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...) + - python-pysaml2 6.5.1-1 (bug #980773) + [stretch] - python-pysaml2 <ignored> (python3-xmlschema not available in stretch for fix) + NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 + NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d +CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...) + - git-lfs <not-affected> (Windows-specific) + NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5 +CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...) 
+ - cairosvg 2.5.0-1.1 (bug #979597) + [buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6) + [stretch] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6) + NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf + NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81 + NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1) +CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...) + - rust-kamadak-exif <unfixed> (bug #985309) + NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2 +CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...) + NOT-FOR-US: Spring actuator logview +CVE-2021-21233 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90. ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21232 (Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 all ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21231 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21230 (Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21229 (Incorrect security UI in downloads in Google Chrome on Android prior t ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21228 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) 
+ {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21227 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...) + {DSA-4911-1} + - chromium 90.0.4430.93-1 (bug #987715) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...) + {DSA-4906-1} + - chromium 90.0.4430.85-1 (bug #987358) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...) + {DSA-4906-1} + - chromium 90.0.4430.85-1 (bug #987358) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...) + {DSA-4906-1} + - chromium 90.0.4430.85-1 (bug #987358) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...) + {DSA-4906-1} + - chromium 90.0.4430.85-1 (bug #987358) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...) + {DSA-4906-1} + - chromium 90.0.4430.85-1 (bug #987358) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...) + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) 
+ {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...) 
+ {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...) + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...) + {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...) 
+ {DSA-4906-1} + - chromium 90.0.4430.72-1 (bug #987053) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21200 + RESERVED +CVE-2021-21199 (Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.11 ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21198 (Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allo ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21197 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.1 ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21196 (Heap buffer overflow in TabStrip in Google Chrome on Windows prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21195 (Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21194 (Use after free in screen sharing in Google Chrome prior to 89.0.4389.1 ...) + {DSA-4886-1} + - chromium 89.0.4389.114-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...) + {DSA-4886-1} + - chromium 89.0.4389.90-1 (bug #985142) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...) + {DSA-4886-1} + - chromium 89.0.4389.90-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...) + {DSA-4886-1} + - chromium 89.0.4389.90-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...) 
+ {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...) 
+ {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...) 
+ {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...) + - chromium <not-affected> (MacOS specific) +CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...) 
+ {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...) + {DSA-4886-1} + - chromium 89.0.4389.82-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21158 + RESERVED + - chromium <not-affected> (MacOS specific) +CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...) + {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...) 
+ {DSA-4858-1} + - chromium 88.0.4324.182-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...) + {DSA-4858-1} + - chromium 88.0.4324.150-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...) + {DSA-4846-1} + - chromium 88.0.4324.146-1 + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...) 
+ {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...) 
+ {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...) 
+ {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...) + {DSA-4846-1} + - chromium 88.0.4324.96-0.1 (bug #980564) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...) 
+ {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium <end-of-life> (see DSA 4562) +CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) + NOT-FOR-US: Adobe +CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) + NOT-FOR-US: Adobe +CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...) + NOT-FOR-US: Adobe +CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...) + NOT-FOR-US: Adobe +CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...) + NOT-FOR-US: Adobe +CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...) 
+ NOT-FOR-US: Adobe +CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...) + NOT-FOR-US: Adobe +CVE-2021-21097 + RESERVED +CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21095 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21094 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21093 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...) + NOT-FOR-US: Adobe +CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Acrobat +CVE-2021-21088 + RESERVED +CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...) + NOT-FOR-US: Adobe +CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...) + NOT-FOR-US: Adobe +CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) + NOT-FOR-US: Adobe +CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) + NOT-FOR-US: Adobe +CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...) 
+ NOT-FOR-US: Adobe +CVE-2021-21081 + RESERVED +CVE-2021-21080 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...) + NOT-FOR-US: Adobe +CVE-2021-21079 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...) + NOT-FOR-US: Adobe +CVE-2021-21078 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) + NOT-FOR-US: Adobe +CVE-2021-21077 (Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based ...) + NOT-FOR-US: Adobe +CVE-2021-21076 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21075 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21074 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21073 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...) + NOT-FOR-US: Adobe +CVE-2021-21070 (Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncont ...) + NOT-FOR-US: Adobe +CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) + NOT-FOR-US: Adobe +CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...) + NOT-FOR-US: Adobe +CVE-2021-21067 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...) + NOT-FOR-US: Adobe +CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...) 
+ NOT-FOR-US: Magento +CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21061 (Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.00 ...) + NOT-FOR-US: Adobe +CVE-2021-21060 (Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.3 ...) + NOT-FOR-US: Adobe +CVE-2021-21059 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21058 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21057 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21056 (Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out- ...) + NOT-FOR-US: Adobe +CVE-2021-21055 (Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) i ...) + NOT-FOR-US: Adobe +CVE-2021-21054 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...) + NOT-FOR-US: Adobe +CVE-2021-21053 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...) + NOT-FOR-US: Adobe +CVE-2021-21052 (Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-21051 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-21050 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-21049 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-21048 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-21047 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...) 
+ NOT-FOR-US: Adobe +CVE-2021-21046 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...) + NOT-FOR-US: Adobe +CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...) + NOT-FOR-US: Adobe +CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21040 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21039 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21038 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21037 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21036 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21035 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21034 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21033 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21032 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21031 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21030 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) 
+ NOT-FOR-US: Magento +CVE-2021-21029 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21028 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21027 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21026 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21025 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21024 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21023 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21022 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21021 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21020 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21019 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21018 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21017 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-21016 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21015 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21014 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Magento +CVE-2021-21013 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-21012 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...) + NOT-FOR-US: Adobe +CVE-2021-21011 (Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2021-21010 (InCopy version 15.1.1 (and earlier) for Windows is affected by an unco ...) + NOT-FOR-US: Adobe +CVE-2021-21009 (Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and ear ...) + NOT-FOR-US: Adobe +CVE-2021-21008 (Adobe Animate version 21.0 (and earlier) is affected by an uncontrolle ...) + NOT-FOR-US: Adobe +CVE-2021-21007 (Adobe Illustrator version 25.0 (and earlier) is affected by an uncontr ...) + NOT-FOR-US: Adobe +CVE-2021-21006 (Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffe ...) + NOT-FOR-US: Adobe +CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) + NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products +CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) + NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products +CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...) + NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products +CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Mo ...) + NOT-FOR-US: Phoenix Contact FL COMSERVER UNI +CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...) + NOT-FOR-US: WAGO +CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...) + NOT-FOR-US: WAGO +CVE-2021-20999 (In Weidmüller u-controls and IoT-Gateways in versions up to 1.12. ...) + NOT-FOR-US: Weidmueller u-controls and IoT Gateways +CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...) + NOT-FOR-US: WAGO +CVE-2021-20997 (In multiple managed switches by WAGO in different versions it is possi ...) 
+ NOT-FOR-US: WAGO +CVE-2021-20996 (In multiple managed switches by WAGO in different versions special cra ...) + NOT-FOR-US: WAGO +CVE-2021-20995 (In multiple managed switches by WAGO in different versions the webserv ...) + NOT-FOR-US: WAGO +CVE-2021-20994 (In multiple managed switches by WAGO in different versions an attacker ...) + NOT-FOR-US: WAGO +CVE-2021-20993 (In multiple managed switches by WAGO in different versions the activat ...) + NOT-FOR-US: WAGO +CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...) + NOT-FOR-US: Fibaro Home Center +CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...) + NOT-FOR-US: Fibaro Home Center +CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4.600 a ...) + NOT-FOR-US: Fibaro Home Center +CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...) + NOT-FOR-US: Fibaro Home Center +CVE-2021-20988 (In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet ...) + NOT-FOR-US: Hilscher rcX RTOS +CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...) + NOT-FOR-US: Hilscher EtherNet/IP Core +CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...) 
+ NOT-FOR-US: Hilscher +CVE-2021-20985 + RESERVED +CVE-2021-20984 + RESERVED +CVE-2021-20983 + RESERVED +CVE-2021-20982 + RESERVED +CVE-2021-20981 + RESERVED +CVE-2021-20980 + RESERVED +CVE-2021-20979 + RESERVED +CVE-2021-20978 + RESERVED +CVE-2021-20977 + RESERVED +CVE-2021-20976 + RESERVED +CVE-2021-20975 + RESERVED +CVE-2021-20974 + RESERVED +CVE-2021-20973 + RESERVED +CVE-2021-20972 + RESERVED +CVE-2021-20971 + RESERVED +CVE-2021-20970 + RESERVED +CVE-2021-20969 + RESERVED +CVE-2021-20968 + RESERVED +CVE-2021-20967 + RESERVED +CVE-2021-20966 + RESERVED +CVE-2021-20965 + RESERVED +CVE-2021-20964 + RESERVED +CVE-2021-20963 + RESERVED +CVE-2021-20962 + RESERVED +CVE-2021-20961 + RESERVED +CVE-2021-20960 + RESERVED +CVE-2021-20959 + RESERVED +CVE-2021-20958 + RESERVED +CVE-2021-20957 + RESERVED +CVE-2021-20956 + RESERVED +CVE-2021-20955 + RESERVED +CVE-2021-20954 + RESERVED +CVE-2021-20953 + RESERVED +CVE-2021-20952 + RESERVED +CVE-2021-20951 + RESERVED +CVE-2021-20950 + RESERVED +CVE-2021-20949 + RESERVED +CVE-2021-20948 + RESERVED +CVE-2021-20947 + RESERVED +CVE-2021-20946 + RESERVED +CVE-2021-20945 + RESERVED +CVE-2021-20944 + RESERVED +CVE-2021-20943 + RESERVED +CVE-2021-20942 + RESERVED +CVE-2021-20941 + RESERVED +CVE-2021-20940 + RESERVED +CVE-2021-20939 + RESERVED +CVE-2021-20938 + RESERVED +CVE-2021-20937 + RESERVED +CVE-2021-20936 + RESERVED +CVE-2021-20935 + RESERVED +CVE-2021-20934 + RESERVED +CVE-2021-20933 + RESERVED +CVE-2021-20932 + RESERVED +CVE-2021-20931 + RESERVED +CVE-2021-20930 + RESERVED +CVE-2021-20929 + RESERVED +CVE-2021-20928 + RESERVED +CVE-2021-20927 + RESERVED +CVE-2021-20926 + RESERVED +CVE-2021-20925 + RESERVED +CVE-2021-20924 + RESERVED +CVE-2021-20923 + RESERVED +CVE-2021-20922 + RESERVED +CVE-2021-20921 + RESERVED +CVE-2021-20920 + RESERVED +CVE-2021-20919 + RESERVED +CVE-2021-20918 + RESERVED +CVE-2021-20917 + RESERVED +CVE-2021-20916 + RESERVED +CVE-2021-20915 + RESERVED +CVE-2021-20914 + RESERVED +CVE-2021-20913 + RESERVED 
+CVE-2021-20912 + RESERVED +CVE-2021-20911 + RESERVED +CVE-2021-20910 + RESERVED +CVE-2021-20909 + RESERVED +CVE-2021-20908 + RESERVED +CVE-2021-20907 + RESERVED +CVE-2021-20906 + RESERVED +CVE-2021-20905 + RESERVED +CVE-2021-20904 + RESERVED +CVE-2021-20903 + RESERVED +CVE-2021-20902 + RESERVED +CVE-2021-20901 + RESERVED +CVE-2021-20900 + RESERVED +CVE-2021-20899 + RESERVED +CVE-2021-20898 + RESERVED +CVE-2021-20897 + RESERVED +CVE-2021-20896 + RESERVED +CVE-2021-20895 + RESERVED +CVE-2021-20894 + RESERVED +CVE-2021-20893 + RESERVED +CVE-2021-20892 + RESERVED +CVE-2021-20891 + RESERVED +CVE-2021-20890 + RESERVED +CVE-2021-20889 + RESERVED +CVE-2021-20888 + RESERVED +CVE-2021-20887 + RESERVED +CVE-2021-20886 + RESERVED +CVE-2021-20885 + RESERVED +CVE-2021-20884 + RESERVED +CVE-2021-20883 + RESERVED +CVE-2021-20882 + RESERVED +CVE-2021-20881 + RESERVED +CVE-2021-20880 + RESERVED +CVE-2021-20879 + RESERVED +CVE-2021-20878 + RESERVED +CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...) + NOT-FOR-US: Canon printer firmware +CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...) + NOT-FOR-US: GroupSession +CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...) + NOT-FOR-US: GroupSession +CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...) + NOT-FOR-US: GroupSession +CVE-2021-20873 (Yappli is an application development platform which provides the funct ...) + NOT-FOR-US: Yappli +CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA bizhub se ...) + NOT-FOR-US: KONICA MINOLTA +CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + NOT-FOR-US: KONICA MINOLTA +CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in KONICA MI ...) 
+ NOT-FOR-US: KONICA MINOLTA +CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + NOT-FOR-US: KONICA MINOLTA +CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub series ...) + NOT-FOR-US: KONICA MINOLTA +CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...) + NOT-FOR-US: WordPress plugin +CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...) + NOT-FOR-US: WordPress plugin +CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...) + NOT-FOR-US: WordPress plugin +CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...) + NOT-FOR-US: ELECOM +CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...) + NOT-FOR-US: ELECOM +CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...) + NOT-FOR-US: ELECOM +CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...) + NOT-FOR-US: ELECOM +CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...) + NOT-FOR-US: ELECOM +CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...) + NOT-FOR-US: ELECOM +CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...) + NOT-FOR-US: ELECOM +CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...) + NOT-FOR-US: ELECOM +CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...) + NOT-FOR-US: ELECOM +CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...) + NOT-FOR-US: ELECOM +CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...) + NOT-FOR-US: ELECOM +CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...) 
+ NOT-FOR-US: ELECOM +CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...) + NOT-FOR-US: ELECOM +CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...) + NOT-FOR-US: WordPress plugin +CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...) + NOT-FOR-US: PowerCMS +CVE-2021-20849 + RESERVED +CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...) + NOT-FOR-US: rwtxt +CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...) + NOT-FOR-US: Wi-Fi STATION SH-52A +CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...) + NOT-FOR-US: WordPress plugin +CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...) + NOT-FOR-US: Unlimited Sitemap Generator +CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...) + NOT-FOR-US: RTX830 +CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...) + NOT-FOR-US: RTX830 +CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2. ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 series 2.11. ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - Appointment Bo ...) + NOT-FOR-US: Booking Package - Appointment Booking Calendar System +CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...) + NOT-FOR-US: Office Server Document Converter +CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...) + NOT-FOR-US: Office Server Document Converter +CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Typ ...) 
+ - movabletype-opensource <removed> +CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...) + NOT-FOR-US: CX-Supervisor +CVE-2021-20835 (Improper authorization in handler for custom URL scheme vulnerability ...) + NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' +CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) + NOT-FOR-US: Nike App +CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) + NOT-FOR-US: SNKRDUNK Market Place App +CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...) + NOT-FOR-US: InBody App +CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...) + NOT-FOR-US: OG Tags (WordPress plugin) +CVE-2021-20830 + RESERVED +CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...) + NOT-FOR-US: GROWI +CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...) + NOT-FOR-US: EC-CUBE plugin +CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...) + NOT-FOR-US: IDEC +CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...) + NOT-FOR-US: IDEC +CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...) + NOT-FOR-US: EC-CUBE plugin +CVE-2021-20824 + RESERVED +CVE-2021-20823 + RESERVED +CVE-2021-20822 + RESERVED +CVE-2021-20821 + RESERVED +CVE-2021-20820 + RESERVED +CVE-2021-20819 + RESERVED +CVE-2021-20818 + RESERVED +CVE-2021-20817 + RESERVED +CVE-2021-20816 + RESERVED +CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen of Movab ...) + - movabletype-opensource <removed> +CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of ContentType In ...) 
+ - movabletype-opensource <removed> +CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content Data of M ...) + - movabletype-opensource <removed> +CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server Sync of ...) + - movabletype-opensource <removed> +CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of Movable ...) + - movabletype-opensource <removed> +CVE-2021-20810 (Cross-site scripting vulnerability in Website Management screen of Mov ...) + - movabletype-opensource <removed> +CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, Page, a ...) + - movabletype-opensource <removed> +CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...) + - movabletype-opensource <removed> +CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + NOT-FOR-US: Cybozu +CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...) + NOT-FOR-US: Cybozu +CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + NOT-FOR-US: Cybozu +CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + NOT-FOR-US: Cybozu +CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...) + NOT-FOR-US: Cybozu +CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...) + NOT-FOR-US: Cybozu +CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...) + NOT-FOR-US: Cybozu +CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + NOT-FOR-US: Cybozu +CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...) + NOT-FOR-US: Cybozu +CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...) 
+ NOT-FOR-US: Cybozu +CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...) + NOT-FOR-US: Cybozu +CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...) + NOT-FOR-US: Cybozu +CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...) + NOT-FOR-US: Cybozu +CVE-2021-20794 + RESERVED +CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...) + NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer +CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...) + NOT-FOR-US: Quiz And Survey Master +CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...) + NOT-FOR-US: RevoWorks Browser +CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...) + NOT-FOR-US: RevoWorks Browser +CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...) + NOT-FOR-US: GroupSession +CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...) + NOT-FOR-US: GroupSession +CVE-2021-20787 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...) + NOT-FOR-US: GroupSession +CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession (Group ...) + NOT-FOR-US: GroupSession +CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...) + NOT-FOR-US: GroupSession +CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...) + NOT-FOR-US: Everything +CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...) + NOT-FOR-US: Optical BB unit E-WMTA2.3 +CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...) 
+ NOT-FOR-US: Wordpress plugin +CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerability ...) + NOT-FOR-US: GU App for Android +CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR ...) + NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR +CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...) + NOT-FOR-US: Cybozu +CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...) + NOT-FOR-US: Cybozu +CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, ...) + NOT-FOR-US: Cybozu +CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...) + NOT-FOR-US: Cybozu +CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...) + NOT-FOR-US: Cybozu +CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...) + NOT-FOR-US: Cybozu +CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 ...) + NOT-FOR-US: Cybozu +CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...) + NOT-FOR-US: Cybozu +CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...) + NOT-FOR-US: Cybozu +CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...) 
+ NOT-FOR-US: Cybozu +CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 ...) + NOT-FOR-US: Cybozu +CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...) + NOT-FOR-US: Cybozu +CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...) + NOT-FOR-US: Cybozu +CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...) + NOT-FOR-US: Cybozu +CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...) + NOT-FOR-US: Cybozu +CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...) + NOT-FOR-US: Cybozu +CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...) + NOT-FOR-US: Cybozu +CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...) + NOT-FOR-US: Cybozu +CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...) + NOT-FOR-US: Cybozu +CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon ...) + NOT-FOR-US: Cybozu +CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...) + NOT-FOR-US: Cybozu +CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...) + NOT-FOR-US: Cybozu +CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...) + NOT-FOR-US: Cybozu +CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...) + NOT-FOR-US: IkaIka RSS Reader +CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...) 
+ NOT-FOR-US: Fudousan plugin +CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...) + NOT-FOR-US: Retty +CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...) + NOT-FOR-US: Retty App +CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...) + NOT-FOR-US: Wordpress plugin +CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...) + NOT-FOR-US: Inkdrop +CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...) + NOT-FOR-US: EC-CUBE Category contents plugin +CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email newsletters manage ...) + NOT-FOR-US: EC-CUBE Email newsletters management plugin +CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form output plu ...) + NOT-FOR-US: EC-CUBE Business form output plugin +CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application Server Help ...) + NOT-FOR-US: Hitachi +CVE-2021-20740 (Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions ...) + NOT-FOR-US: Hitachi +CVE-2021-20739 (WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, ...) + NOT-FOR-US: Elecom +CVE-2021-20738 (WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unau ...) + NOT-FOR-US: Elecom +CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior to v4.2. ...) + NOT-FOR-US: GROWI +CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allow ...) + NOT-FOR-US: GROWI +CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery ...) + NOT-FOR-US: ETUNA EC-CUBE plugins +CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce versions prio ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2021-20733 (Improper authorization in handler for custom URL scheme vulnerability ...) 
+ NOT-FOR-US: Some Android app +CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...) + NOT-FOR-US: ATOM (ATOM - Smart life App) +CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...) + NOT-FOR-US: WSR-1166DHP3 firmware +CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...) + NOT-FOR-US: WSR-1166DHP3 firmware +CVE-2021-20729 + RESERVED +CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...) + NOT-FOR-US: goo blog App +CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...) + NOT-FOR-US: Zettlr +CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...) + NOT-FOR-US: Overwolf +CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...) + NOT-FOR-US: Calendar01 +CVE-2021-20724 (Reflected cross-site scripting vulnerability in the admin page of [Tel ...) + NOT-FOR-US: Telop01 +CVE-2021-20723 (Reflected cross-site scripting vulnerability in [MailForm01] free edit ...) + NOT-FOR-US: MailForm01 +CVE-2021-20722 (Untrusted search path vulnerability in the installers of ScanSnap Mana ...) + NOT-FOR-US: ScanSnap Manager +CVE-2021-20721 (KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload a ...) + NOT-FOR-US: KonaWiki2 +CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 a ...) + NOT-FOR-US: KonaWiki2 +CVE-2021-20719 (RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 ...) + NOT-FOR-US: RFNTPS firmware +CVE-2021-20718 (mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a de ...) 
+ - libapache2-mod-auth-openidc 2.4.4.1-2 (bug #989055) + [buster] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later) + [stretch] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120 +CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a ...) + NOT-FOR-US: EC-CUBE +CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...) + NOT-FOR-US: Buffalo +CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...) + NOT-FOR-US: Hot Pepper Gourmet App +CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...) + NOT-FOR-US: WP fastest cache +CVE-2021-20713 (Privilege escalation vulnerability in QND Advance/Premium/Standard Ver ...) + NOT-FOR-US: QND Advance/Premium/Standard +CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20711 (Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to exe ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20710 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20709 (Improper validation of integrity check value vulnerability in NEC Ater ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...) + NOT-FOR-US: Nec +CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...) + NOT-FOR-US: Nec +CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...) + NOT-FOR-US: Nec +CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...) 
+ NOT-FOR-US: Nec +CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...) + NOT-FOR-US: Nec +CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...) + NOT-FOR-US: Nec +CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...) + NOT-FOR-US: Nec +CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...) + NOT-FOR-US: Nec +CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...) + NOT-FOR-US: SHARP +CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...) + NOT-FOR-US: SHARP +CVE-2021-20697 (Missing authentication for critical function in DAP-1880AC firmware ve ...) + NOT-FOR-US: DAP-1880AC firmware +CVE-2021-20696 (DAP-1880AC firmware version 1.21 and earlier allows a remote authentic ...) + NOT-FOR-US: DAP-1880AC firmware +CVE-2021-20695 (Improper following of a certificate's chain of trust vulnerability in ...) + NOT-FOR-US: DAP-1880AC firmware +CVE-2021-20694 (Improper access control vulnerability in DAP-1880AC firmware version 1 ...) + NOT-FOR-US: DAP-1880AC firmware +CVE-2021-20693 (Improper access control vulnerability in Gurunavi App for Android ver. ...) + NOT-FOR-US: Gurunavi App for Android and iOS +CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...) + NOT-FOR-US: Enkisoft +CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + NOT-FOR-US: Yomi-Search +CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + NOT-FOR-US: Yomi-Search +CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...) + NOT-FOR-US: Yomi-Search +CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...) 
+ NOT-FOR-US: Click Ranker +CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...) + NOT-FOR-US: Kagemai +CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...) + NOT-FOR-US: Kagemai +CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...) + NOT-FOR-US: Kagemai +CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...) + NOT-FOR-US: MagazinegerZ +CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...) + NOT-FOR-US: baserCMS +CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...) + NOT-FOR-US: baserCMS +CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...) + NOT-FOR-US: baserCMS +CVE-2021-20680 (Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900H ...) + NOT-FOR-US: Aterm firmware +CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...) + NOT-FOR-US: Fuji +CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...) + NOT-FOR-US: Paid Memberships Pro +CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...) + NOT-FOR-US: UNIVERGE +CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) + NOT-FOR-US: M-System +CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...) + NOT-FOR-US: M-System +CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...) + NOT-FOR-US: MagicConnect client +CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...) + NOT-FOR-US: GROWI +CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...) + NOT-FOR-US: GROWI +CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...) 
+ NOT-FOR-US: GROWI +CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...) + NOT-FOR-US: GROWI +CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...) + NOT-FOR-US: GROWI +CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...) + NOT-FOR-US: GROWI +CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...) + NOT-FOR-US: GROWI +CVE-2021-20666 + RESERVED +CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...) + - movabletype-opensource <removed> +CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of ...) + - movabletype-opensource <removed> +CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...) + - movabletype-opensource <removed> +CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20660 (Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 p ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20659 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticate ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20658 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20657 (Improper access control vulnerability in SolarView Compact SV-CPT-MC31 ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20656 (Exposure of information through directory listing in SolarView Compact ...) + NOT-FOR-US: SolarView Compact +CVE-2021-20655 (FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attack ...) + NOT-FOR-US: FileZen +CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...) 
+ NOT-FOR-US: Wekan +CVE-2021-20653 (Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, ...) + NOT-FOR-US: Calsos CSDJ +CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...) + NOT-FOR-US: Name Directory +CVE-2021-20651 (Directory traversal vulnerability in ELECOM File Manager all versions ...) + NOT-FOR-US: ELECOM +CVE-2021-20650 (Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RM ...) + NOT-FOR-US: ELECOM +CVE-2021-20649 (ELECOM WRC-300FEBK-S contains an improper certificate validation vulne ...) + NOT-FOR-US: ELECOM +CVE-2021-20648 (ELECOM WRC-300FEBK-S allows an attacker with administrator rights to e ...) + NOT-FOR-US: ELECOM +CVE-2021-20647 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...) + NOT-FOR-US: ELECOM +CVE-2021-20646 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...) + NOT-FOR-US: ELECOM +CVE-2021-20645 (Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remo ...) + NOT-FOR-US: ELECOM +CVE-2021-20644 (ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the u ...) + NOT-FOR-US: ELECOM +CVE-2021-20643 (Improper access control vulnerability in ELECOM LD-PS/U1 allows remote ...) + NOT-FOR-US: ELECOM +CVE-2021-20642 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...) + NOT-FOR-US: LOGITEC +CVE-2021-20641 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/R ...) + NOT-FOR-US: LOGITEC +CVE-2021-20640 (Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an atta ...) + NOT-FOR-US: LOGITEC +CVE-2021-20639 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...) + NOT-FOR-US: LOGITEC +CVE-2021-20638 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...) + NOT-FOR-US: LOGITEC +CVE-2021-20637 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...) 
+ NOT-FOR-US: LOGITEC +CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/P ...) + NOT-FOR-US: LOGITEC +CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...) + NOT-FOR-US: LOGITEC +CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...) + NOT-FOR-US: Custom App of Cybozu Office +CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...) + NOT-FOR-US: Cybozu Office +CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...) + NOT-FOR-US: Video Insight VMS +CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...) + NOT-FOR-US: Aterm WG2600HP firmware +CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...) 
+ NOT-FOR-US: Aterm WG2600HP firmware +CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 ...) + NOT-FOR-US: Aterm WF800HP firmware +CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...) + NOT-FOR-US: GROWI +CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...) + NOT-FOR-US: acmailer +CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...) + NOT-FOR-US: acmailer +CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA Client ...) + NOT-FOR-US: SKYSEA Client View +CVE-2021-20615 + RESERVED +CVE-2021-20614 + RESERVED +CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-ENET Fir ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...) 
+ NOT-FOR-US: Mitsubishi +CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model VNC ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...) 
+ NOT-FOR-US: Mitsubishi +CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...) + NOT-FOR-US: Mitsubishi +CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information ...) + NOT-FOR-US: IBM +CVE-2021-20584 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...) + NOT-FOR-US: IBM +CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...) + NOT-FOR-US: IBM +CVE-2021-20581 + RESERVED +CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...) + NOT-FOR-US: IBM +CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-20578 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...) + NOT-FOR-US: IBM +CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...) + NOT-FOR-US: IBM +CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...) + NOT-FOR-US: IBM +CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remot ...) + NOT-FOR-US: IBM +CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...) + NOT-FOR-US: IBM +CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...) + NOT-FOR-US: IBM +CVE-2021-20571 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...) + NOT-FOR-US: IBM +CVE-2021-20570 + RESERVED +CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...) + NOT-FOR-US: IBM +CVE-2021-20568 + RESERVED +CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...) 
+ NOT-FOR-US: IBM +CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...) + NOT-FOR-US: IBM +CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...) + NOT-FOR-US: IBM +CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...) + NOT-FOR-US: IBM +CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...) + NOT-FOR-US: IBM +CVE-2021-20561 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...) + NOT-FOR-US: IBM +CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2021-20558 + RESERVED +CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...) + NOT-FOR-US: IBM +CVE-2021-20556 + RESERVED +CVE-2021-20555 + RESERVED +CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...) + NOT-FOR-US: IBM +CVE-2021-20553 + RESERVED +CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20551 + RESERVED +CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2021-20548 + RESERVED +CVE-2021-20547 + RESERVED +CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-20545 + RESERVED +CVE-2021-20544 + RESERVED +CVE-2021-20543 + RESERVED +CVE-2021-20542 + RESERVED +CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) 
+ NOT-FOR-US: IBM +CVE-2021-20540 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) + NOT-FOR-US: IBM +CVE-2021-20539 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...) + NOT-FOR-US: IBM +CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...) + NOT-FOR-US: IBM +CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...) + NOT-FOR-US: IBM +CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...) + NOT-FOR-US: IBM +CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...) + NOT-FOR-US: IBM +CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...) + NOT-FOR-US: IBM +CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...) + NOT-FOR-US: IBM +CVE-2021-20531 + RESERVED +CVE-2021-20530 + RESERVED +CVE-2021-20529 (IBM Control Center 6.2.0.0 could allow a user to obtain sensitive vers ...) + NOT-FOR-US: IBM +CVE-2021-20528 (IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...) + NOT-FOR-US: IBM +CVE-2021-20526 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) + NOT-FOR-US: IBM +CVE-2021-20525 + RESERVED +CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...) + NOT-FOR-US: IBM +CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...) + NOT-FOR-US: IBM +CVE-2021-20522 + RESERVED +CVE-2021-20521 + RESERVED +CVE-2021-20520 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) 
+ NOT-FOR-US: IBM +CVE-2021-20519 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM +CVE-2021-20518 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20517 (IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could ...) + NOT-FOR-US: IBM +CVE-2021-20516 + RESERVED +CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffe ...) + NOT-FOR-US: IBM +CVE-2021-20514 + RESERVED +CVE-2021-20513 + RESERVED +CVE-2021-20512 + RESERVED +CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...) + NOT-FOR-US: IBM +CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...) + NOT-FOR-US: IBM +CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote attacker to ...) + NOT-FOR-US: IBM +CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...) + NOT-FOR-US: IBM +CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External Entity ...) + NOT-FOR-US: IBM +CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...) + NOT-FOR-US: IBM +CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...) + NOT-FOR-US: IBM +CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...) 
+ NOT-FOR-US: IBM +CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...) + NOT-FOR-US: IBM +CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...) + NOT-FOR-US: IBM +CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated ...) + NOT-FOR-US: IBM +CVE-2021-20495 + RESERVED +CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...) + NOT-FOR-US: IBM +CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...) + NOT-FOR-US: IBM +CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...) + NOT-FOR-US: IBM +CVE-2021-20490 (IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local us ...) + NOT-FOR-US: IBM +CVE-2021-20489 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...) + NOT-FOR-US: IBM +CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...) + NOT-FOR-US: IBM +CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...) + NOT-FOR-US: IBM +CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...) + NOT-FOR-US: IBM +CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...) 
+ NOT-FOR-US: IBM +CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...) + NOT-FOR-US: IBM +CVE-2021-20479 + RESERVED +CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some situations t ...) + NOT-FOR-US: IBM +CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20476 + RESERVED +CVE-2021-20475 + RESERVED +CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...) + NOT-FOR-US: IBM +CVE-2021-20473 (IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does ...) + NOT-FOR-US: IBM +CVE-2021-20472 + RESERVED +CVE-2021-20471 + RESERVED +CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users sho ...) + NOT-FOR-US: IBM +CVE-2021-20469 + RESERVED +CVE-2021-20468 + RESERVED +CVE-2021-20467 + RESERVED +CVE-2021-20466 + RESERVED +CVE-2021-20465 + RESERVED +CVE-2021-20464 + RESERVED +CVE-2021-20463 + RESERVED +CVE-2021-20462 + RESERVED +CVE-2021-20461 (IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the ...) + NOT-FOR-US: IBM +CVE-2021-20460 + RESERVED +CVE-2021-20459 + RESERVED +CVE-2021-20458 + RESERVED +CVE-2021-20457 + RESERVED +CVE-2021-20456 + RESERVED +CVE-2021-20455 + RESERVED +CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...) + NOT-FOR-US: IBM +CVE-2021-20452 + RESERVED +CVE-2021-20451 + RESERVED +CVE-2021-20450 + RESERVED +CVE-2021-20449 + RESERVED +CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...) 
+ NOT-FOR-US: IBM +CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain ...) + NOT-FOR-US: IBM +CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...) + NOT-FOR-US: IBM +CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...) + NOT-FOR-US: IBM +CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...) + NOT-FOR-US: IBM +CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not ...) + NOT-FOR-US: IBM +CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker ...) + NOT-FOR-US: IBM +CVE-2021-20438 + RESERVED +CVE-2021-20437 + RESERVED +CVE-2021-20436 + RESERVED +CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...) + NOT-FOR-US: IBM +CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) + NOT-FOR-US: IBM +CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...) + NOT-FOR-US: IBM +CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...) + NOT-FOR-US: IBM +CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...) + NOT-FOR-US: IBM +CVE-2021-20430 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...) + NOT-FOR-US: IBM +CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...) + NOT-FOR-US: IBM +CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...) + NOT-FOR-US: IBM +CVE-2021-20427 (IBM Security Guardium 11.2 uses an inadequate account lockout setting ...) + NOT-FOR-US: IBM +CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a ...) 
+ NOT-FOR-US: IBM +CVE-2021-20425 + RESERVED +CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...) + NOT-FOR-US: IBM +CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...) + NOT-FOR-US: IBM +CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...) + NOT-FOR-US: IBM +CVE-2021-20421 + RESERVED +CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...) + NOT-FOR-US: IBM +CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...) + NOT-FOR-US: IBM +CVE-2021-20418 (IBM Security Guardium 11.2 does not require that users should have str ...) + NOT-FOR-US: IBM +CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...) + NOT-FOR-US: IBM +CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...) + NOT-FOR-US: IBM +CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...) + NOT-FOR-US: IBM +CVE-2021-20414 (IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce ...) + NOT-FOR-US: IBM +CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...) + NOT-FOR-US: IBM +CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...) + NOT-FOR-US: IBM +CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + NOT-FOR-US: IBM +CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...) + NOT-FOR-US: IBM +CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...) + NOT-FOR-US: IBM +CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...) + NOT-FOR-US: IBM +CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...) 
+ NOT-FOR-US: IBM +CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + NOT-FOR-US: IBM +CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...) + NOT-FOR-US: IBM +CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...) + NOT-FOR-US: IBM +CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...) + NOT-FOR-US: IBM +CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...) + NOT-FOR-US: IBM +CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...) + NOT-FOR-US: IBM +CVE-2021-20398 + RESERVED +CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) + NOT-FOR-US: IBM +CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...) + NOT-FOR-US: IBM +CVE-2021-20395 + RESERVED +CVE-2021-20394 + RESERVED +CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a r ...) + NOT-FOR-US: IBM +CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable t ...) + NOT-FOR-US: IBM +CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web page ...) + NOT-FOR-US: IBM +CVE-2021-20390 + RESERVED +CVE-2021-20389 (IBM Security Guardium 11.2 stores user credentials in plain clear text ...) + NOT-FOR-US: IBM +CVE-2021-20388 + RESERVED +CVE-2021-20387 + RESERVED +CVE-2021-20386 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20385 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...) 
+ NOT-FOR-US: IBM +CVE-2021-20384 + RESERVED +CVE-2021-20383 + RESERVED +CVE-2021-20382 + RESERVED +CVE-2021-20381 + RESERVED +CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...) + NOT-FOR-US: IBM +CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker tha ...) + NOT-FOR-US: IBM +CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...) + NOT-FOR-US: IBM +CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...) + NOT-FOR-US: IBM +CVE-2021-20376 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...) + NOT-FOR-US: IBM +CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...) + NOT-FOR-US: IBM +CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...) + NOT-FOR-US: IBM +CVE-2021-20373 (IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Inform ...) + NOT-FOR-US: IBM +CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-20370 + RESERVED +CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20367 + RESERVED +CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) 
+ NOT-FOR-US: IBM +CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...) + NOT-FOR-US: IBM +CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...) + NOT-FOR-US: IBM +CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2021-20356 + RESERVED +CVE-2021-20355 + RESERVED +CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...) + NOT-FOR-US: IBM +CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-20352 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM +CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...) + NOT-FOR-US: IBM +CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...) + NOT-FOR-US: IBM +CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...) + NOT-FOR-US: IBM +CVE-2021-20346 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...) + NOT-FOR-US: IBM +CVE-2021-20345 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...) + NOT-FOR-US: IBM +CVE-2021-20344 + RESERVED +CVE-2021-20343 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...) 
+ NOT-FOR-US: IBM +CVE-2021-20342 + RESERVED +CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potenti ...) + NOT-FOR-US: IBM +CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-20339 + RESERVED +CVE-2021-20338 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2021-20337 (IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weak ...) + NOT-FOR-US: IBM +CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...) + NOT-FOR-US: IBM +CVE-2021-20335 (For MongoDB Ops Manager <= 4.2.24 with multiple OM application serv ...) + NOT-FOR-US: MongoDB Ops Manager +CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...) + NOT-FOR-US: MongoDB Compass +CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...) + - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-50605 +CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials used by ...) + NOT-FOR-US: MongoDB rust driver +CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...) + NOT-FOR-US: MongoDB C# Driver +CVE-2021-20330 (An attacker with basic CRUD permissions on a replicated collection can ...) + - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-36263 +CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...) 
+ NOT-FOR-US: mongo-driver + NOTE: https://jira.mongodb.org/browse/GODRIVER-1923 + NOTE: https://github.com/mongodb/mongo-go-driver/pull/622 + NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1) +CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...) + - mongo-java-driver <not-affected> (Vulnerable code introduce later) + NOTE: https://jira.mongodb.org/browse/JAVA-4017 + NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234 +CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...) + NOT-FOR-US: Node mongodb-client-encryption +CVE-2021-20326 (A user authorized to performing a specific type of find query may trig ...) + - mongodb <removed> + [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-53929 +CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...) + - apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321 +CVE-2021-20324 + RESERVED + NOT-FOR-US: WildFly Elytron +CVE-2021-20323 + RESERVED + NOT-FOR-US: Keycloak +CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...) + {DLA-2843-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230 +CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...) + {DLA-2843-1} + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5) +CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...) 
+ - linux 5.14.9-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux <ignored> (s390x not supported in LTS) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010090 +CVE-2021-20319 + RESERVED + NOT-FOR-US: coreos-installer +CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...) + NOT-FOR-US: Red Hat JBoss Enterprise Application Platform +CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...) + {DLA-2843-1} + - linux 5.4.6-1 + NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1) +CVE-2021-20316 + RESERVED + - samba <unfixed> (bug #1004690) + [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists) + NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842 +CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...) + - gnome-shell <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285 + TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams +CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when processing ...) + {DSA-4955-1 DLA-2739-1} + - libspf2 1.2.10-7.1 + [bullseye] - libspf2 1.2.10-7.1~deb11u1 + NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef + NOTE: https://www.openwall.com/lists/oss-security/2021/08/11/6 +CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...) 
+ {DLA-2672-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <no-dsa> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482 + NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e +CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...) + {DLA-2672-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e +CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...) + - imagemagick <unfixed> (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482 +CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...) + - imagemagick <not-affected> (Specific to IM7) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5 +CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...) 
+ {DLA-2672-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f +CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...) + {DLA-2700-1} + - htmldoc 1.9.11-3 (unimportant; bug #984765) + [buster] - htmldoc 1.9.3-1+deb10u1 + NOTE: https://github.com/michaelrsweet/htmldoc/issues/423 + NOTE: Crash in CLI tool, no security impact +CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...) + {DLA-2624-1} + - libpano13 2.9.20~rc3+dfsg-1 (bug #985249) + [buster] - libpano13 2.9.19+dfsg-3+deb10u1 + NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/ +CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...) + NOT-FOR-US: Red Hat Business Central +CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...) 
+ {DSA-4933-1 DLA-2760-1} + - nettle 3.7.2-1 (bug #985652) + NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html + NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe + NOTE: Use ecc_mod_mul_canonical for point comparison: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5 + NOTE: Fix bug in ecc_ecdsa_verify: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2 + NOTE: Ensure ecdsa_sign output is canonically reduced: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce + NOTE: Analogous fix to ecc_gostdsa_verify: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14 + NOTE: Similar fix for eddsa: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b + NOTE: Fix canonical reduction in gostdsa_vko: + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9 +CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode] + RESERVED + - openexr 2.5.4-1 (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849 + NOTE: Negligible security impact +CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer] + RESERVED + {DLA-2732-1} + - openexr 2.5.4-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831 +CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot] + RESERVED + {DLA-2732-1} + - openexr 2.5.4-1 + [buster] - openexr <ignored> (Minor issue) + NOTE: 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842 +CVE-2021-20301 + RESERVED +CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress] + RESERVED + {DLA-2732-1} + - openexr 2.5.4-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x) +CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator] + RESERVED + {DLA-2732-1} + - openexr 2.5.4-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f +CVE-2021-20298 [Out-of-memory in B44Compressor] + RESERVED + - openexr 2.5.4-1 + [buster] - openexr <ignored> (Minor issue) + [stretch] - openexr <postponed> (Minor issue, OOM, revisit when there's a full fix upstream) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 (master) (partial fix) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5.x) (partial fix) +CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...) 
+ - network-manager 1.30.0-2 (bug #986809) + [buster] - network-manager <not-affected> (Vulnerable code introduced later) + [stretch] - network-manager <not-affected> (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public) + NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2) + NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27 +CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...) + {DLA-2701-1} + - openexr 2.5.4-1 (bug #986796) + [buster] - openexr <no-dsa> (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a +CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3] + RESERVED + - qemu <not-affected> (RHEL 8.3 specific security regression) +CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...) + - binutils 2.35.2-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926 + NOTE: binutils not covered by security support +CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...) + - resteasy <undetermined> + - resteasy3.0 <undetermined> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819 +CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...) 
+ {DLA-2689-1} + - linux 5.7.17-1 + [buster] - linux 4.19.146-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686 + NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586 +CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage' ...) + [experimental] - golang-github-containers-storage 1.29.0+ds1-1 + - golang-github-containers-storage 1.34.1+ds1-1 (bug #988942) + NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1 + NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support. + NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage. +CVE-2021-20290 + RESERVED + - foreman <itp> (bug #663101) +CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...) + NOT-FOR-US: Keycloak +CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...) + - ceph 14.2.20-1 (bug #986974) + [buster] - ceph <no-dsa> (Minor issue) + [stretch] - ceph <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2 + NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0 + NOTE: https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49 +CVE-2021-20287 + RESERVED +CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked ...) + - libnbd 1.6.2-1 + [bullseye] - libnbd <no-dsa> (Minor issue) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3) +CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...) 
+ - upx-ucl <unfixed> (unimportant) + NOTE: https://github.com/upx/upx/issues/421 + NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c +CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...) + - binutils 2.37-3 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f60742b2a1988d276c77d5c1011143f320d9b4cb + NOTE: binutils not covered by security support +CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...) + - moodle <removed> +CVE-2021-20282 (When creating a user account, it was possible to verify the account wi ...) + - moodle <removed> +CVE-2021-20281 (It was possible for some users without permission to view other users' ...) + - moodle <removed> +CVE-2021-20280 (Text-based feedback answers required additional sanitizing to prevent ...) + - moodle <removed> +CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...) + - moodle <removed> +CVE-2021-20278 (An authentication bypass vulnerability was found in Kiali in versions ...) + NOT-FOR-US: Kiali +CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...) + {DSA-4884-1 DLA-2611-1} + - ldb 2:2.2.0-3.1 (bug #985935) + - samba <unfixed> (unimportant) + NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14655 + NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0 + NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709 + NOTE: Samba uses the System ldb library +CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...) 
+ {DLA-2587-1} + - privoxy 3.0.32-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d +CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...) + {DLA-2587-1} + - privoxy 3.0.32-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521 +CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...) + - privoxy 3.0.32-1 + [buster] - privoxy <not-affected> (Vulnerable code introduced later) + [stretch] - privoxy <not-affected> (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d +CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...) + {DLA-2587-1} + - privoxy 3.0.32-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058 +CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...) + {DLA-2587-1} + - privoxy 3.0.32-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b +CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...) 
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308) + [buster] - rpm <no-dsa> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125 +CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...) + {DSA-4889-1 DSA-4870-1 DLA-2648-1 DLA-2590-1} + - pygments 2.7.1+dfsg-2 (bug #984664) + - mediawiki 1:1.35.2-1 + NOTE: https://github.com/pygments/pygments/issues/1625 + NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333 +CVE-2021-20269 [incorrect permissions on kdump dmesg file] + RESERVED + - kexec-tools <unfixed> (bug #985105) + [bullseye] - kexec-tools <no-dsa> (Minor issue) + [buster] - kexec-tools <no-dsa> (Minor issue) + [stretch] - kexec-tools <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/11/2 +CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's implement ...) + - linux 5.10.12-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/ + NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b +CVE-2021-20267 (A flaw was found in openstack-neutron's default Open vSwitch firewall ...) + - neutron 2:17.1.1-5 (bug #985104) + [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 + [stretch] - neutron <no-dsa> (Minor issue) + NOTE: https://bugs.launchpad.net/neutron/+bug/1902917 + NOTE: https://review.opendev.org/c/openstack/neutron/+/776599 + NOTE: Followup: https://review.opendev.org/c/openstack/neutron/+/783743 + NOTE: https://www.openwall.com/lists/oss-security/2021/07/12/2 +CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...) 
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308) + [buster] - rpm <no-dsa> (Minor issue) + [stretch] - rpm <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741 +CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...) + - linux 4.4.4-1 + NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3) +CVE-2021-20264 (An insecure modification flaw in the /etc/passwd file was found in the ...) + NOT-FOR-US: Container configuration of some Red Hat products +CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...) + - qemu 1:5.2+dfsg-9 (bug #985083) + [buster] - qemu <not-affected> (Introduced in 5.2.0) + [stretch] - qemu <not-affected> (Introduced in 5.2.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668 + NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a + NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1e08f164e9fdc9528ad6990012301b9a04b0bc90 +CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...) + NOT-FOR-US: Keycloak +CVE-2021-20261 (A race condition was found in the Linux kernels implementation of the ...) + - linux 4.5.1-1 + NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150 +CVE-2021-20260 + RESERVED + - foreman <itp> (bug #663101) +CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute resource ...) 
+ - foreman <itp> (bug #663101) +CVE-2021-20258 + RESERVED +CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors] + RESERVED + {DLA-2623-1} + - qemu 1:5.2+dfsg-9 (bug #984450) + [bullseye] - qemu <postponed> (Minor issue) + [buster] - qemu <postponed> (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3de46e6fc489c52c9431a8a832ad8170a7569bd8 +CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...) + NOT-FOR-US: Red Hat Satellite +CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...) + {DLA-2623-1} + - qemu <unfixed> (bug #984451) + [bullseye] - qemu <postponed> (Minor issue) + [buster] - qemu <postponed> (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html + NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 + NOTE: No upstream patch as of 2022-01-28 +CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...) + {DLA-2668-1} + - samba 2:4.13.5+dfsg-2 (bug #987811) + [buster] - samba <no-dsa> (Minor issue) + NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571 + NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc (master) +CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is vulnera ...) + NOT-FOR-US: Ansible Tower +CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. The 3sca ...) + NOT-FOR-US: Red Hat 3scale API Management +CVE-2021-20251 + RESERVED +CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...) + - wildfly <itp> (bug #752018) +CVE-2021-20249 + REJECTED +CVE-2021-20248 + REJECTED +CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. 
Validations of th ...) + - isync 1.3.0-2.1 (bug #983351) + [buster] - isync 1.3.0-2.2~deb10u1 + [stretch] - isync <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1 +CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...) + {DLA-2602-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74 +CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...) + {DLA-2672-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca +CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...) + {DLA-2602-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02 +CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. 
An attacker wh ...) + {DLA-2672-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk) +CVE-2021-20242 + REJECTED +CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...) + {DLA-2602-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick <unfixed> + [bullseye] - imagemagick <ignored> (Minor issue) + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 +CVE-2021-20240 (A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer w ...) + - gdk-pixbuf 2.42.2+dfsg-1 + [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later) + [stretch] - gdk-pixbuf <not-affected> (Vulnerable code added later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926787 + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132 + NOTE: Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e (2.42.0) +CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 in the ...) 
+ - linux 5.10.4-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-100/ + NOTE: https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec +CVE-2021-20238 + RESERVED + NOT-FOR-US: OpenShift +CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...) + - zeromq3 4.3.3-1 + [buster] - zeromq3 <no-dsa> (Minor issue) + [stretch] - zeromq3 <no-dsa> (Minor issue) + NOTE: https://github.com/zeromq/libzmq/pull/3935 + NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344 +CVE-2021-20236 (A flaw was found in the ZeroMQ server in versions before 4.3.3. This f ...) + - zeromq3 4.3.3-1 + [buster] - zeromq3 <no-dsa> (Minor issue) + [stretch] - zeromq3 <ignored> (Minor issue, too intrusive to backport) + NOTE: https://github.com/zeromq/libzmq/pull/3959 + NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488 +CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...) + {DLA-2588-1} + - zeromq3 4.3.3-1 + [buster] - zeromq3 <no-dsa> (Minor issue) + NOTE: https://github.com/zeromq/libzmq/pull/3902 + NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984 +CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...) 
+ {DLA-2588-1} + - zeromq3 4.3.3-1 + [buster] - zeromq3 <no-dsa> (Minor issue) + NOTE: https://github.com/zeromq/libzmq/pull/3918 + NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123 +CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...) + {DSA-4867-1} + - grub2 2.04-16 + [stretch] - grub2 <ignored> (No SecureBoot support in stretch) +CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...) + - gnutls28 3.7.1-1 + [buster] - gnutls28 3.6.7-4+deb10u7 + [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later) + NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151 +CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...) + - gnutls28 3.7.1-1 + [buster] - gnutls28 3.6.7-4+deb10u7 + [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later) + NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151 +CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly validates ...) + - stunnel4 3:5.56+dfsg-8 (bug #982578) + [buster] - stunnel4 <no-dsa> (Minor issue) + [stretch] - stunnel4 <not-affected> (Re-ordering of redirect/accept/reject checks performed in stunnel 5.41b8) + NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 + NOTE: Isolated fix only the changes in src/verify.c: + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226 +CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...) 
+ - postgresql-13 13.2-1 + NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/ +CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...) + {DSA-4950-1} + - ansible 2.10.7+merged+base+2.10.8+dfsg-1 + - ansible-base <removed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002 + NOTE: https://github.com/ansible/ansible/pull/73487 +CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...) + - sqlite3 3.34.1-1 + [buster] - sqlite3 <not-affected> (Introduced in 3.33) + [stretch] - sqlite3 <not-affected> (Introduced in 3.33) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886 + NOTE: https://sqlite.org/src/info/30a4c323650cc949 + NOTE: Patch: https://github.com/sqlite/sqlite/commit/f39168e468af3b1d6b6d37efdcb081eced6724b2 + NOTE: Introduced in https://github.com/sqlite/sqlite/commit/896366282dae3789fb277c2dad8660784a0895a3 +CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, where ...) + - linux 5.10.4-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/ +CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...) + {DSA-4867-1} + - grub2 2.04-16 + [stretch] - grub2 <ignored> (No SecureBoot support in stretch) +CVE-2021-20224 + RESERVED +CVE-2021-20223 + RESERVED +CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can ...) + NOT-FOR-US: Keycloak +CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...) 
+ {DLA-2560-1} + - qemu 1:5.2+dfsg-4 + [buster] - qemu <postponed> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0) +CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...) + - undertow 2.2.0-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133 + NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e +CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...) + - linux <not-affected> (Red Hat specific issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16 +CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...) + NOT-FOR-US: fabric8io / kubernetes-client +CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...) + {DLA-2548-1} + - privoxy 3.0.31-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31) +CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...) + {DLA-2548-1} + - privoxy 3.0.31-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31) +CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...) 
+ {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29) + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29) +CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...) + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + [stretch] - privoxy <not-affected> (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29) +CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...) + {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29) +CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...) + {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29) +CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...) + {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29) +CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...) 
+ {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29) +CVE-2021-20209 (A memory leak vulnerability was found in Privoxy before 3.0.29 in the ...) + {DLA-2548-1} + - privoxy 3.0.29-1 + [buster] - privoxy 3.0.28-2+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29) +CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...) + - cifs-utils 2:6.11-3 (bug #987308) + [buster] - cifs-utils <no-dsa> (Minor issue) + [stretch] - cifs-utils <no-dsa> (Minor issue) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651 + NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html + NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32 + NOTE: Fix causes regression: https://bugs.debian.org/989080 +CVE-2021-20207 + REJECTED +CVE-2021-20206 (An improper limitation of path name flaw was found in containernetwork ...) + - golang-github-appc-cni 0.8.1-1 (bug #983659) + [buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed via point release) + [stretch] - golang-github-appc-cni <no-dsa> (Minor issue) + NOTE: https://github.com/containernetworking/cni/pull/808 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391 +CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...) + - libjpeg-turbo <not-affected> (Vulnerable code introduced later) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c +CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...) 
+ {DLA-2660-1} + - libgetdata 0.10.0-10 (bug #988239) + [buster] - libgetdata 0.10.0-5+deb10u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348 + NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050 + NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437 +CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...) + {DLA-2623-1} + - qemu 1:6.2+dfsg-1 (bug #984452) + [bullseye] - qemu <postponed> (Minor issue) + [buster] - qemu <postponed> (Minor issue) + NOTE: https://bugs.launchpad.net/qemu/+bug/1913873 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/308 + NOTE: https://bugs.launchpad.net/qemu/+bug/1890152 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d05dcd94aee88728facafb993c7280547eb4d645 (v6.2.0-rc3) +CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...) + NOT-FOR-US: Keycloak +CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...) + - spice 0.14.3-2.1 (bug #983698) + [buster] - spice <no-dsa> (Minor issue) + [stretch] - spice <no-dsa> (Minor issue) + NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49 + NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749 + NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 + NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks +CVE-2021-20200 + REJECTED +CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...) 
+ - libpod 3.0.0~rc2+dfsg1-2 + - rootlesskit 0.12.0-1 + NOTE: https://github.com/containers/podman/issues/5138 + NOTE: https://github.com/containers/podman/pull/9052 + NOTE: https://github.com/rootless-containers/rootlesskit/pull/206 + NOTE: For Podman v3.0: https://github.com/containers/podman/pull/9225 (v3.0.0-rc3) + NOTE: Issue in podman was fixed by linking against rootlesskit 0.12, and Debian updated + NOTE: ahead of time +CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...) + NOT-FOR-US: OpenShift +CVE-2021-20197 (There is an open race window when writing output in the following util ...) + [experimental] - binutils 2.35.50.20201209-1 + - binutils 2.37-3 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=014cc7f849e8209623fc99264814bce7b3b6faf2 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04 + NOTE: binutils not covered by security support +CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...) + - qemu 1:6.2+dfsg-1 (bug #984453) + [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream) + [buster] - qemu <postponed> (Fix along in future DSA) + [stretch] - qemu <postponed> (Fix along in future DLA) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210 + NOTE: https://bugs.launchpad.net/qemu/+bug/1912780 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/338 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233 (v6.2.0-rc4) +CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...) 
+ NOT-FOR-US: Keycloak +CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...) + - linux 5.10.19-1 + [buster] - linux <not-affected> (Vulnerable code not present) + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683 + NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223 +CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...) + - tar 1.34+dfsg-1 (unimportant; bug #980525) + NOTE: https://savannah.gnu.org/bugs/?59897 + NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 + NOTE: Memory leak in CLI tool, no security impact +CVE-2021-20192 + RESERVED +CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...) + - ansible <unfixed> (bug #985753) + [bullseye] - ansible <no-dsa> (Minor issue) + [buster] - ansible <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813 + NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 + NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa +CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...) + {DLA-2638-1} + - jackson-databind 2.12.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u3 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2854 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. + NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a +CVE-2021-20189 + REJECTED +CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...) 
+ - libpod 2.0.2+dfsg1-3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734 + NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24 + NOTE: https://github.com/containers/podman/commit/c8bd4746151e6ae37d49c4688f2f64e03db429fc + NOTE: Fixed as part of https://github.com/containers/podman/commit/dcf3c742b1ac4d641d66810113f3d17441a412f4 (v1.7.0-rc1) +CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) + - moodle <removed> +CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) + - moodle <removed> +CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...) + - moodle <removed> +CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...) + - moodle <removed> +CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...) + - moodle <removed> +CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...) + NOT-FOR-US: OpenShift +CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...) + {DLA-2560-1} + - qemu 1:5.2+dfsg-4 + [buster] - qemu <postponed> (Minor issue) + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305 +CVE-2021-20180 + RESERVED + - ansible <unfixed> (bug #985753) + [bullseye] - ansible <no-dsa> (Minor issue) + [buster] - ansible <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808 + NOTE: https://github.com/ansible-collections/community.general/pull/1635 + NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc +CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...) 
+ - dogtag-pki 10.10.2-2 + NOTE: https://github.com/dogtagpki/pki/pull/3475 +CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...) + - ansible <unfixed> (bug #985753) + [bullseye] - ansible <no-dsa> (Minor issue) + [buster] - ansible <no-dsa> (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774 + NOTE: https://github.com/ansible-collections/community.general/pull/1621 + NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3 +CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...) + {DSA-4843-1 DLA-2557-1} + - linux 5.5.13-1 + [stretch] - linux <not-affected> (Vulnerable code not present) + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823 + NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1 +CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...) + {DLA-2602-1} + - imagemagick 8:6.9.11.57+dfsg-1 + [buster] - imagemagick <ignored> (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f +CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...) + NOT-FOR-US: Netgear +CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...) + NOT-FOR-US: Netgear +CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection ...) + NOT-FOR-US: Netgear +CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS contain a ...) + NOT-FOR-US: Netgear +CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in plainte ...) 
+ NOT-FOR-US: Netgear +CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It ...) + NOT-FOR-US: Netgear +CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure communications ...) + NOT-FOR-US: Netgear +CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient protections to ...) + NOT-FOR-US: Netgear +CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection vulnerabil ...) + NOT-FOR-US: Netgear +CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability ...) + NOT-FOR-US: Netgear +CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement ...) + NOT-FOR-US: Trendnet +CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses creden ...) + NOT-FOR-US: Trendnet +CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the f ...) + NOT-FOR-US: Trendnet +CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plain ...) + NOT-FOR-US: Trendnet +CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient pr ...) + NOT-FOR-US: Trendnet +CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injectio ...) + NOT-FOR-US: Trendnet +CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command in ...) + NOT-FOR-US: Trendnet +CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication ...) + NOT-FOR-US: Trendnet +CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...) + NOT-FOR-US: Trendnet +CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...) + NOT-FOR-US: Trendnet +CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...) + NOT-FOR-US: Trendnet +CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw i ...) 
+ NOT-FOR-US: Trendnet +CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerab ...) + NOT-FOR-US: Trendnet +CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication ...) + NOT-FOR-US: Trendnet +CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the sess ...) + NOT-FOR-US: Trendnet +CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses inform ...) + NOT-FOR-US: Trendnet +CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient ac ...) + NOT-FOR-US: Trendnet +CVE-2021-20148 (ManageEngine ADSelfService Plus below build 6116 stores the password p ...) + NOT-FOR-US: ManageEngine +CVE-2021-20147 (ManageEngine ADSelfService Plus below build 6116 contains an observabl ...) + NOT-FOR-US: ManageEngine +CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple ...) 
+ NOT-FOR-US: Gryphon Tower routers +CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...) + NOT-FOR-US: Gryphon Tower routers +CVE-2021-20136 (ManageEngine Log360 Builds < 5235 are affected by an improper acces ...) + NOT-FOR-US: ManageEngine +CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...) + NOT-FOR-US: Nessus +CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...) + NOT-FOR-US: D-Link +CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...) + NOT-FOR-US: D-Link +CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...) + NOT-FOR-US: D-Link +CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + NOT-FOR-US: ManageEngine ADManager Plus +CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...) + NOT-FOR-US: ManageEngine ADManager Plus +CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...) + NOT-FOR-US: Draytek +CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...) + NOT-FOR-US: Draytek +CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...) + NOT-FOR-US: Draytek +CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...) + NOT-FOR-US: Draytek +CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...) + NOT-FOR-US: Draytek +CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + NOT-FOR-US: Draytek +CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...) + NOT-FOR-US: Draytek +CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) 
+ NOT-FOR-US: Telus Wi-Fi Hub +CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) + NOT-FOR-US: Telus Wi-Fi Hub +CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...) + NOT-FOR-US: Arris Surfboard SB8200 +CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can have sa ...) + NOT-FOR-US: Arris SurfBoard SB8200 +CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) + NOT-FOR-US: Nessus Agent +CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...) + NOT-FOR-US: Nessus Agent +CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam <= ...) + NOT-FOR-US: TCExam +CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam <= ...) + NOT-FOR-US: TCExam +CVE-2021-20114 (When installed following the default/recommended settings, TCExam < ...) + NOT-FOR-US: TCExam +CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...) + NOT-FOR-US: TCExam +CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...) + NOT-FOR-US: TCExam +CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam <= 14. ...) + NOT-FOR-US: TCExam +CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...) + NOT-FOR-US: Manage Engine Asset Explorer Agent +CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...) + NOT-FOR-US: Asset Explorer agent +CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...) + NOT-FOR-US: Manage Engine Asset Explorer Agent +CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...) + NOT-FOR-US: Sloan +CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...) 
+ NOT-FOR-US: Nessus Agent +CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...) + NOT-FOR-US: Machform +CVE-2021-20104 (Machform prior to version 16 is vulnerable to unauthenticated remote c ...) + NOT-FOR-US: Machform +CVE-2021-20103 (Machform prior to version 16 is vulnerable to stored cross-site script ...) + NOT-FOR-US: Machform +CVE-2021-20102 (Machform prior to version 16 is vulnerable to cross-site request forge ...) + NOT-FOR-US: Machform +CVE-2021-20101 (Machform prior to version 16 is vulnerable to HTTP host header injecti ...) + NOT-FOR-US: Machform +CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...) + NOT-FOR-US: Nessus Agent +CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...) + NOT-FOR-US: Nessus Agent +CVE-2021-20098 + RESERVED +CVE-2021-20097 + RESERVED +CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...) + NOT-FOR-US: OpenOversight +CVE-2021-20095 + REJECTED +CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...) + NOT-FOR-US: Wibu-Systems CodeMeter +CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...) + NOT-FOR-US: Wibu-Systems CodeMeter +CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) + NOT-FOR-US: Buffalo +CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.0 ...) + NOT-FOR-US: Buffalo +CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...) + NOT-FOR-US: Buffalo +CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: purl javascript URL parser (different from src:purl) +CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) 
+ NOT-FOR-US: mootools-more +CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: jquery-deparam +CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: jquery-bbq +CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: backbone-query-parameters +CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: jquery-sparkle +CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...) + NOT-FOR-US: jquery-plugin-query-object +CVE-2021-20082 + RESERVED +CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...) + NOT-FOR-US: ManageEngine ServiceDesk Plus +CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...) + NOT-FOR-US: ManageEngine ServiceDesk Plus +CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...) + NOT-FOR-US: Nessus +CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...) + NOT-FOR-US: Manage Engine OpManager +CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...) + NOT-FOR-US: Nessus Agent +CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...) + NOT-FOR-US: Tenable +CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20073 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cr ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20072 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) 
+ NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20071 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20070 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20069 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20068 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20067 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...) + NOT-FOR-US: Racom's MIDGE Firmware +CVE-2021-20066 (JSDom improperly allows the loading of local resources, which allows f ...) + NOTE: Disputed by upstream: https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951 + NOTE: https://www.tenable.com/security/research/tra-2021-05 + NOTE: https://github.com/jsdom/jsdom/issues/3124 +CVE-2021-20065 + RESERVED +CVE-2021-20064 + RESERVED +CVE-2021-20063 + RESERVED +CVE-2021-20062 + RESERVED +CVE-2021-20061 + RESERVED +CVE-2021-20060 + RESERVED +CVE-2021-20059 + RESERVED +CVE-2021-20058 + RESERVED +CVE-2021-20057 + RESERVED +CVE-2021-20056 + RESERVED +CVE-2021-20055 + RESERVED +CVE-2021-20054 + RESERVED +CVE-2021-20053 + RESERVED +CVE-2021-20052 + RESERVED +CVE-2021-20051 + RESERVED +CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...) + NOT-FOR-US: SonicWall +CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...) + NOT-FOR-US: SonicWall +CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...) + NOT-FOR-US: SonicWall +CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...) + NOT-FOR-US: SonicWall +CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...) 
+ NOT-FOR-US: SonicWall +CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...) + NOT-FOR-US: SonicWall +CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...) + NOT-FOR-US: SonicWall +CVE-2021-20043 (A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBook ...) + NOT-FOR-US: SonicWall +CVE-2021-20042 (An unauthenticated remote attacker can use SMA 100 as an unintended pr ...) + NOT-FOR-US: SonicWall +CVE-2021-20041 (An unauthenticated and remote adversary can consume all of the device' ...) + NOT-FOR-US: SonicWall +CVE-2021-20040 (A relative path traversal vulnerability in the SMA100 upload funtion a ...) + NOT-FOR-US: SonicWall +CVE-2021-20039 (Improper neutralization of special elements in the SMA100 management i ...) + NOT-FOR-US: SonicWall +CVE-2021-20038 (A Stack-based buffer overflow vulnerability in SMA100 Apache httpd ser ...) + NOT-FOR-US: SonicWall +CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...) + NOT-FOR-US: SonicWall +CVE-2021-20036 + RESERVED +CVE-2021-20035 (Improper neutralization of special elements in the SMA100 management i ...) + NOT-FOR-US: SonicWall +CVE-2021-20034 (An improper access control vulnerability in SMA100 allows a remote una ...) + NOT-FOR-US: SonicWall +CVE-2021-20033 + RESERVED +CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...) + NOT-FOR-US: SonicWall +CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...) + NOT-FOR-US: SonicWall +CVE-2021-20030 + RESERVED +CVE-2021-20029 + RESERVED +CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...) + NOT-FOR-US: SonicWall +CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...) + NOT-FOR-US: SonicWall +CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...) 
+ NOT-FOR-US: SonicWall +CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...) + NOT-FOR-US: SonicWall +CVE-2021-20024 (Multiple Out-of-Bound read vulnerability in SonicWall Switch when hand ...) + NOT-FOR-US: SonicWall +CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) + NOT-FOR-US: SonicWall +CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...) + NOT-FOR-US: SonicWall +CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...) + NOT-FOR-US: SonicWall +CVE-2021-20020 (A command execution vulnerability in SonicWall GMS 9.3 allows a remote ...) + NOT-FOR-US: SonicWall +CVE-2021-20019 (A vulnerability in SonicOS where the HTTP server response leaks partia ...) + NOT-FOR-US: SonicOS +CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...) + NOT-FOR-US: SonicWall +CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...) + NOT-FOR-US: SonicWall +CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...) + NOT-FOR-US: SonicWall +CVE-2021-20015 + REJECTED +CVE-2021-20014 + REJECTED +CVE-2021-20013 + REJECTED +CVE-2021-20012 + REJECTED +CVE-2021-20011 + REJECTED +CVE-2021-20010 + REJECTED +CVE-2021-20009 + REJECTED +CVE-2021-20008 + REJECTED +CVE-2021-20007 + REJECTED +CVE-2021-20006 + REJECTED +CVE-2021-20005 + REJECTED +CVE-2021-20004 + REJECTED +CVE-2021-20003 + REJECTED +CVE-2021-20002 + REJECTED +CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...) + {DSA-5072-1 DLA-2918-1} + - debian-edu-config 2.12.16 + NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5 +CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2484 (Vulnerability in the Oracle Operations Intelligence product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2483 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2482 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2481 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2480 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2021-2479 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2478 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2476 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2475 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-2474 (Vulnerability in the Oracle Web Analytics product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2473 + RESERVED +CVE-2021-2472 + RESERVED +CVE-2021-2471 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) + NOT-FOR-US: Oracle +CVE-2021-2470 + RESERVED +CVE-2021-2469 + RESERVED +CVE-2021-2468 + RESERVED +CVE-2021-2467 + RESERVED +CVE-2021-2466 + RESERVED +CVE-2021-2465 + RESERVED +CVE-2021-2464 (Vulnerability in Oracle Linux (component: OSwatcher). Supported versio ...) + NOT-FOR-US: Oracle Linux +CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + NOT-FOR-US: Oracle +CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2461 (Vulnerability in the Oracle Communications Interactive Session Recorde ...) + NOT-FOR-US: Oracle +CVE-2021-2460 (Vulnerability in the Oracle Application Express Data Reporter componen ...) + NOT-FOR-US: Oracle +CVE-2021-2459 + RESERVED +CVE-2021-2458 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2021-2457 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2021-2456 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2021-2455 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...) + NOT-FOR-US: Oracle +CVE-2021-2454 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.26-dfsg-1 +CVE-2021-2453 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2452 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2451 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2450 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2449 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2448 (Vulnerability in the Oracle Financial Services Crime and Compliance In ...) + NOT-FOR-US: Oracle +CVE-2021-2447 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle +CVE-2021-2446 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle +CVE-2021-2445 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-2443 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.26-dfsg-1 +CVE-2021-2442 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.26-dfsg-1 +CVE-2021-2441 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2439 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) + NOT-FOR-US: Oracle +CVE-2021-2438 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2021-2437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2436 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + NOT-FOR-US: Oracle +CVE-2021-2435 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2434 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) + NOT-FOR-US: Oracle +CVE-2021-2433 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2432 (Vulnerability in the Java SE product of Oracle Java SE (component: JND ...) + - openjdk-11 <not-affected> (Only affects Java 7) + - openjdk-8 <not-affected> (Only affects Java 7) +CVE-2021-2431 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2430 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2429 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2428 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2426 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2424 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2423 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2422 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2421 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) + NOT-FOR-US: Oracle +CVE-2021-2420 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2419 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2416 (Vulnerability in the Oracle Communications Session Border Controller p ...) + NOT-FOR-US: Oracle +CVE-2021-2415 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2414 (Vulnerability in the Oracle Communications Session Border Controller p ...) + NOT-FOR-US: Oracle +CVE-2021-2413 + RESERVED +CVE-2021-2412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2411 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-cluster <itp> (bug #833356) +CVE-2021-2410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> +CVE-2021-2409 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.26-dfsg-1 +CVE-2021-2408 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...) + NOT-FOR-US: Oracle +CVE-2021-2407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2406 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2405 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2021-2404 (Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway produ ...) + NOT-FOR-US: Oracle +CVE-2021-2403 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2402 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2401 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2400 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2399 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2398 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2397 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2396 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2395 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2021-2394 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2393 (Vulnerability in the Oracle E-Records product of Oracle E-Business Sui ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2392 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2391 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2390 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> +CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.12-1 + [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> + NOTE: Fixed in MariaDB 10.5.12, 10.3.31 +CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-4946-1 DLA-2737-1} + - openjdk-11 11.0.12+7-1 + - openjdk-8 8u302-b08-1 +CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2386 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2021-2385 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> +CVE-2021-2384 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2383 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2382 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2381 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-2380 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2379 + RESERVED +CVE-2021-2378 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2377 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2376 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2375 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2373 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.12-1 + [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> + NOTE: Fixed in MariaDB 10.5.12, 10.3.31 +CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-4946-1 DLA-2737-1} + - openjdk-11 11.0.12+7-1 + - openjdk-8 8u302-b08-1 +CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...) + NOT-FOR-US: Oracle +CVE-2021-2367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2366 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2021-2365 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2364 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-2363 (Vulnerability in the Oracle Public Sector Financials (International) p ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2362 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2361 (Vulnerability in the Oracle Advanced Inbound Telephony product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2360 (Vulnerability in the Oracle Approvals Management product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2359 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2358 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) + NOT-FOR-US: Oracle +CVE-2021-2357 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2356 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> +CVE-2021-2355 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2354 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2353 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2351 (Vulnerability in the Advanced Networking Option component of Oracle Da ...) + NOT-FOR-US: Oracle +CVE-2021-2350 (Vulnerability in the Hyperion Essbase Administration Services product ...) + NOT-FOR-US: Oracle +CVE-2021-2349 (Vulnerability in the Hyperion Essbase Administration Services product ...) + NOT-FOR-US: Oracle +CVE-2021-2348 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) + NOT-FOR-US: Oracle +CVE-2021-2347 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2346 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2345 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) + NOT-FOR-US: Oracle +CVE-2021-2344 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2021-2343 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> +CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-4946-1 DLA-2737-1} + - openjdk-11 11.0.12+7-1 + - openjdk-8 8u302-b08-1 +CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> +CVE-2021-2338 (Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel ...) + NOT-FOR-US: Oracle +CVE-2021-2337 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...) + NOT-FOR-US: Oracle +CVE-2021-2336 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...) + NOT-FOR-US: Oracle +CVE-2021-2335 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...) + NOT-FOR-US: Oracle +CVE-2021-2334 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...) + NOT-FOR-US: Oracle +CVE-2021-2333 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...) + NOT-FOR-US: Oracle +CVE-2021-2332 (Vulnerability in the Oracle LogMiner component of Oracle Database Serv ...) + NOT-FOR-US: Oracle +CVE-2021-2331 + RESERVED +CVE-2021-2330 (Vulnerability in the Core RDBMS component of Oracle Database Server. T ...) + NOT-FOR-US: Oracle +CVE-2021-2329 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2328 (Vulnerability in the Oracle Text component of Oracle Database Server. ...) + NOT-FOR-US: Oracle +CVE-2021-2327 + RESERVED +CVE-2021-2326 (Vulnerability in the Database Vault component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2021-2325 + RESERVED +CVE-2021-2324 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2323 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2322 (Vulnerability in OpenGrok (component: Web App). Versions that are affe ...) + NOT-FOR-US: OpenGrok +CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...) + NOT-FOR-US: Oracle +CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...) + NOT-FOR-US: Oracle +CVE-2021-2318 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...) + NOT-FOR-US: Oracle +CVE-2021-2317 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...) + NOT-FOR-US: Oracle +CVE-2021-2316 (Vulnerability in the Oracle HRMS (France) product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2315 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2021-2314 (Vulnerability in the Oracle Application Object Library product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2313 + RESERVED +CVE-2021-2312 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2311 (Vulnerability in the Oracle Hospitality Inventory Management product o ...) + NOT-FOR-US: Oracle +CVE-2021-2310 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.20-dfsg-1 +CVE-2021-2309 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2308 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2307 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2306 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2305 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2303 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...) + NOT-FOR-US: Oracle +CVE-2021-2302 (Vulnerability in the Oracle Platform Security for Java product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2300 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2299 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2298 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2297 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2296 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2295 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...) + NOT-FOR-US: Oracle +CVE-2021-2294 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2293 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2292 (Vulnerability in the Oracle Document Management and Collaboration prod ...) + NOT-FOR-US: Oracle +CVE-2021-2291 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2290 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2021-2289 (Vulnerability in the Oracle Product Hub product of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2021-2288 (Vulnerability in the Oracle Bills of Material product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2021-2287 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2286 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2285 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2284 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2283 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2282 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2281 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2280 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2279 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2277 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2021-2276 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2275 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2274 (Vulnerability in the Oracle E-Business Tax product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2273 (Vulnerability in the Oracle Legal Entity Configurator product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2272 (Vulnerability in the Oracle Subledger Accounting product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2271 (Vulnerability in the Oracle Work in Process product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2270 (Vulnerability in the Oracle Site Hub product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2269 (Vulnerability in the Oracle Advanced Pricing product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-2268 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2267 (Vulnerability in the Oracle Labor Distribution product of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2021-2266 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2265 + RESERVED +CVE-2021-2264 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/1 +CVE-2021-2263 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2262 (Vulnerability in the Oracle Purchasing product of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2021-2261 (Vulnerability in the Oracle Lease and Finance Management product of Or ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2260 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2259 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2258 (Vulnerability in the Oracle Projects product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2257 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...) + NOT-FOR-US: Oracle +CVE-2021-2256 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...) + NOT-FOR-US: Oracle +CVE-2021-2255 (Vulnerability in the Oracle Service Contracts product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2021-2254 (Vulnerability in the Oracle Project Contracts product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2021-2253 (Vulnerability in the Oracle Advanced Supply Chain Planning product of ...) + NOT-FOR-US: Oracle +CVE-2021-2252 (Vulnerability in the Oracle Loans product of Oracle E-Business Suite ( ...) + NOT-FOR-US: Oracle +CVE-2021-2251 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2250 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2249 (Vulnerability in the Oracle Landed Cost Management product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2248 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle +CVE-2021-2247 (Vulnerability in the Oracle Advanced Collections product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2246 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2245 (Vulnerability in the Oracle Database - Enterprise Edition Unified Audi ...) + NOT-FOR-US: Oracle +CVE-2021-2244 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2243 + RESERVED +CVE-2021-2242 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2241 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2240 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2239 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2238 (Vulnerability in the Oracle MES for Process Manufacturing product of O ...) + NOT-FOR-US: Oracle +CVE-2021-2237 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2236 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2235 (Vulnerability in the Oracle Transportation Execution product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2234 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2021-2233 (Vulnerability in the Oracle Enterprise Asset Management product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2232 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2231 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2230 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2229 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2228 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2227 (Vulnerability in the Oracle Cash Management product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2226 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2225 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2224 (Vulnerability in the Oracle Compensation Workbench product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2223 (Vulnerability in the Oracle Receivables product of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2021-2222 (Vulnerability in the Oracle Bill Presentment Architecture product of O ...) + NOT-FOR-US: Oracle +CVE-2021-2221 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle +CVE-2021-2220 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...) + NOT-FOR-US: Oracle +CVE-2021-2219 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2218 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...) + NOT-FOR-US: Oracle +CVE-2021-2217 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2216 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2215 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2214 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2213 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2212 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2211 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2210 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2209 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2208 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2207 (Vulnerability in the Oracle Database - Enterprise Edition component of ...) + NOT-FOR-US: Oracle +CVE-2021-2206 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-2205 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2204 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2203 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2202 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2201 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2200 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2199 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2198 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-2197 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2196 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2195 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2021-2194 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mariadb-10.5 1:10.5.8-1 + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) + NOTE: Fixed in MariaDB 10.5.7, 10.4.16, 10.3.26, 10.2.35 +CVE-2021-2193 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2192 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-2191 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2021-2190 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2189 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2188 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2187 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2186 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2185 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2184 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2183 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2182 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2181 (Vulnerability in the Oracle Document Management and Collaboration prod ...) + NOT-FOR-US: Oracle +CVE-2021-2180 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2179 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2178 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2177 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle +CVE-2021-2176 + RESERVED +CVE-2021-2175 (Vulnerability in the Database Vault component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2021-2174 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2173 (Vulnerability in the Recovery component of Oracle Database Server. Sup ...) + NOT-FOR-US: Oracle +CVE-2021-2172 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2171 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2170 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2169 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2168 + RESERVED +CVE-2021-2167 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-2166 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.10-1 (bug #988428) + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.29-0+deb10u1 + - mysql-8.0 <unfixed> (bug #987325) + - mysql-5.7 <removed> + NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38 +CVE-2021-2165 + RESERVED +CVE-2021-2164 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2163 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...) + {DSA-4899-1 DLA-2634-1} + - openjdk-17 17~19-1 + - openjdk-11 11.0.11+9-1 + - openjdk-8 8u292-b10-1 + NOTE: OpenJDK-11: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256 + NOTE: OpenJDK-8: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4 +CVE-2021-2162 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...) + - openjdk-17 <not-affected> (Windows-specific) + - openjdk-11 <not-affected> (Windows-specific) + - openjdk-8 <not-affected> (Windows-specific) +CVE-2021-2160 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> + - mysql-8.0 <unfixed> (bug #987325) +CVE-2021-2159 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) + NOT-FOR-US: Oracle +CVE-2021-2158 (Vulnerability in the Hyperion Financial Management product of Oracle H ...) + NOT-FOR-US: Oracle +CVE-2021-2157 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2156 (Vulnerability in the Oracle Customers Online product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-2155 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2154 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.10-1 (bug #988428) + - mariadb-10.3 <removed> + [buster] - mariadb-10.3 1:10.3.29-0+deb10u1 + - mysql-5.7 <removed> + NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38 +CVE-2021-2153 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2021-2152 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2151 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2150 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2149 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2148 + RESERVED +CVE-2021-2147 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2146 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) + - mysql-5.7 <removed> +CVE-2021-2145 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.20-dfsg-1 +CVE-2021-2144 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <unfixed> (bug #987325) + - mysql-5.7 <removed> +CVE-2021-2143 + RESERVED +CVE-2021-2142 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2141 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2140 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2021-2139 + RESERVED +CVE-2021-2138 (Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook ...) + NOT-FOR-US: Oracle +CVE-2021-2137 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2136 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2135 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2134 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2133 + RESERVED +CVE-2021-2132 + RESERVED +CVE-2021-2131 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2130 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2129 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2128 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2127 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2126 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2125 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2124 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2123 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2122 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2120 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2119 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2118 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2117 (Vulnerability in the Oracle Application Express Survey Builder compone ...) + NOT-FOR-US: Oracle +CVE-2021-2116 (Vulnerability in the Oracle Application Express Opportunity Tracker co ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2115 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2114 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2113 (Vulnerability in the Oracle Financial Services Revenue Management and ...) + NOT-FOR-US: Oracle +CVE-2021-2112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2110 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...) + NOT-FOR-US: Oracle +CVE-2021-2109 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2107 (Vulnerability in the Oracle Customer Interaction History product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2106 (Vulnerability in the Oracle Customer Interaction History product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2105 (Vulnerability in the Oracle Customer Interaction History product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2104 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + NOT-FOR-US: Oracle +CVE-2021-2103 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + NOT-FOR-US: Oracle +CVE-2021-2102 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...) + NOT-FOR-US: Oracle +CVE-2021-2101 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2100 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2099 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2098 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2097 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2096 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2095 + RESERVED +CVE-2021-2094 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-2093 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + NOT-FOR-US: Oracle +CVE-2021-2092 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2091 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2090 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-2089 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2086 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2085 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2084 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2083 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2082 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2081 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2080 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) + NOT-FOR-US: Oracle +CVE-2021-2079 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) + NOT-FOR-US: Oracle +CVE-2021-2078 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) + NOT-FOR-US: Oracle +CVE-2021-2077 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2075 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2074 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2073 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.18-dfsg-1 +CVE-2021-2072 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2071 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2069 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2068 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2067 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2066 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-2065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2062 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2059 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2021-2058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2057 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + NOT-FOR-US: Oracle +CVE-2021-2056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 +CVE-2021-2054 (Vulnerability in the RDBMS Sharding component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2021-2053 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-2052 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...) + NOT-FOR-US: Oracle +CVE-2021-2051 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2050 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2049 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2047 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2045 (Vulnerability in the Oracle Text component of Oracle Database Server. ...) + NOT-FOR-US: Oracle +CVE-2021-2044 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...) + NOT-FOR-US: Oracle +CVE-2021-2043 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-2042 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 +CVE-2021-2041 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2021-2040 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...) + NOT-FOR-US: Oracle +CVE-2021-2039 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-2038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2037 + RESERVED +CVE-2021-2036 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2035 (Vulnerability in the RDBMS Scheduler component of Oracle Database Serv ...) + NOT-FOR-US: Oracle +CVE-2021-2034 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) + NOT-FOR-US: Oracle +CVE-2021-2033 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-2032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.23-1 (bug #980795) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2031 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2030 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 +CVE-2021-2029 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 +CVE-2021-2027 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2026 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2021-2025 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2021-2024 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2023 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2021-2022 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.5-1 + - mariadb-10.3 1:10.3.24-1 + [buster] - mariadb-10.3 1:10.3.25-0+deb10u1 + - mariadb-10.1 <removed> + [stretch] - mariadb-10.1 10.1.47-0+deb9u1 + - mysql-8.0 8.0.23-1 (bug #980795) + - mysql-5.7 <removed> (bug #981194) + NOTE: Fixed in MariaDB 10.5.5, 10.4.14, 10.3.24, 10.2.33, 10.1.46 +CVE-2021-2021 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2020 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.21-1 +CVE-2021-2019 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 <not-affected> (Fixed before initial upload) +CVE-2021-2018 (Vulnerability in the Advanced Networking Option component of Oracle Da ...) + NOT-FOR-US: Oracle +CVE-2021-2017 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-2016 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <not-affected> (Fixed before initial upload) +CVE-2021-2015 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2021-2014 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2013 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2021-2012 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.21-1 +CVE-2021-2011 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2010 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <not-affected> (Fixed before initial upload) +CVE-2021-2008 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) + NOT-FOR-US: Oracle +CVE-2021-2007 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 <not-affected> (Fixed before initial upload) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2006 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.21-1 +CVE-2021-2005 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
+ NOT-FOR-US: Oracle +CVE-2021-2004 (Vulnerability in the Siebel Core - Server BizLogic Script product of O ...) + NOT-FOR-US: Oracle +CVE-2021-2003 (Vulnerability in the Business Intelligence Enterprise Edition product ...) + NOT-FOR-US: Oracle +CVE-2021-2002 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-2001 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 <not-affected> (Fixed before initial upload) + - mysql-5.7 <removed> (bug #981194) +CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database Server ...) + NOT-FOR-US: Oracle +CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.23-1 (bug #980795) +CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2021-1996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-1995 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-1994 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-1993 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2021-1992 + RESERVED +CVE-2021-1991 + RESERVED +CVE-2021-1990 + RESERVED +CVE-2021-1989 + RESERVED +CVE-2021-1988 + RESERVED +CVE-2021-1987 + RESERVED +CVE-2021-1986 + RESERVED +CVE-2021-1985 (Possible buffer over read due to lack of data length check in QVR Serv ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1984 (Possible buffer overflow due to improper validation of index value whi ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-1983 (Possible buffer overflow due to improper handling of negative data len ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1982 (Possible denial of service scenario due to improper input validation o ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1981 (Possible buffer over read due to improper IE size check of Bearer capa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...) + NOT-FOR-US: Snapdragon +CVE-2021-1979 (Possible buffer overflow due to improper validation of FTM command pay ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1978 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1977 (Possible buffer over read due to improper validation of frame length w ...) + NOT-FOR-US: Snapdragon +CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1975 (Possible heap overflow due to improper length check of domain while pa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...) + NOT-FOR-US: Snapdragon +CVE-2021-1973 (A FTM Diag command can allow an arbitrary write into modem OS space in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1971 (Possible assertion due to lack of physical layer state validation in S ...) + NOT-FOR-US: Snapdragon +CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...) + NOT-FOR-US: Snapdragon +CVE-2021-1969 (Improper validation of kernel buffer address while copying information ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-1968 (Improper validation of kernel buffer address while copying information ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1967 (Possible stack buffer overflow due to lack of check on the maximum num ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1966 (Possible buffer overflow due to lack of length check of source and des ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check during ...) + NOT-FOR-US: Snapdragon +CVE-2021-1964 (Possible buffer over read due to improper validation of IE size while ...) + NOT-FOR-US: Snapdragon +CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...) + NOT-FOR-US: Snapdragon +CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...) + NOT-FOR-US: Snapdragon +CVE-2021-1959 (Possible memory corruption due to lack of bound check of input index i ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...) + NOT-FOR-US: Snapdragon +CVE-2021-1957 (Improper Access Control when ACL link encryption is failed and ACL lin ...) + NOT-FOR-US: Snapdragon +CVE-2021-1956 (Improper handling of ASB-U packet with L2CAP channel ID by slave host ...) + NOT-FOR-US: Snapdragon +CVE-2021-1955 (Denial of service in SAP case due to improper handling of connections ...) + NOT-FOR-US: SAP +CVE-2021-1954 (Possible buffer over read due to improper validation of data pointer w ...) 
+ NOT-FOR-US: Snapdragon +CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...) + NOT-FOR-US: Snapdragon +CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1951 + RESERVED +CVE-2021-1950 + RESERVED +CVE-2021-1949 (Possible integer overflow due to improper check of batch count value w ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because of stor ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...) + NOT-FOR-US: Snapdragon +CVE-2021-1944 + RESERVED +CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...) + NOT-FOR-US: Snapdragon +CVE-2021-1942 + RESERVED +CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...) + NOT-FOR-US: Snapdragon +CVE-2021-1939 (Null pointer dereference occurs due to improper validation when the pr ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1938 (Possible assertion due to improper verification while creating and del ...) + NOT-FOR-US: Snapdragon +CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1936 (Null pointer dereference can occur due to lack of null check for user ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1934 (Possible memory corruption due to improper check when application load ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1932 (Improper access control in trusted application environment can cause u ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...) + NOT-FOR-US: Snapdragon +CVE-2021-1930 (Possible out of bounds read due to incorrect validation of incoming bu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1929 (Lack of strict validation of bootmode can lead to information disclosu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1928 (Buffer over read could occur due to incorrect check of buffer size whi ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1927 (Possible use after free due to lack of null check while memory is bein ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1926 + RESERVED +CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1924 (Information disclosure through timing and power side-channels during m ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA could resu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1922 + RESERVED +CVE-2021-1921 (Possible memory corruption due to Improper handling of hypervisor unma ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming RTCP ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than than t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1918 (Improper handling of resource allocation in virtual machines can lead ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1917 (Null pointer dereference can occur due to memory allocation failure in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP applicatio ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper handlin ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1913 (Possible integer overflow due to improper length check while updating ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1912 (Possible integer overflow can occur due to improper length check while ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1911 + RESERVED +CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1908 + RESERVED +CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in ...) + NOT-FOR-US: Snapdragon +CVE-2021-1906 (Improper handling of address deregistration on failure can lead to new ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1905 (Possible use after free due to improper handling of memory mapping of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1904 (Child process can leak information from parent process due to numeric ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-1903 (Possible denial of service scenario can occur due to lack of length ch ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1902 + RESERVED +CVE-2021-1901 (Possible buffer over-read due to lack of length check while flashing m ...) + NOT-FOR-US: Snapdragon +CVE-2021-1900 (Possible use after free in Display due to race condition while creatin ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1899 (Possible buffer over read due to lack of length check while flashing m ...) + NOT-FOR-US: Snapdragon +CVE-2021-1898 (Possible buffer over-read due to incorrect overflow check when loading ...) + NOT-FOR-US: Snapdragon +CVE-2021-1897 (Possible Buffer Over-read due to lack of validation of boundary checks ...) + NOT-FOR-US: Snapdragon +CVE-2021-1896 (Weak configuration in WLAN could cause forwarding of unencrypted packe ...) + NOT-FOR-US: Snapdragon +CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...) + NOT-FOR-US: Snapdragon +CVE-2021-1894 (Improper access control in TrustZone due to improper error handling wh ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1893 + RESERVED +CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...) + NOT-FOR-US: Snapdragon +CVE-2021-1891 (A possible use-after-free occurrence in audio driver can happen when p ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-1890 (Improper length check of public exponent in RSA import key function co ...) + NOT-FOR-US: Snapdragon +CVE-2021-1889 (Possible buffer overflow due to lack of length check in Trusted Applic ...) + NOT-FOR-US: Snapdragon +CVE-2021-1888 (Memory corruption in key parsing and import function due to double fre ...) + NOT-FOR-US: Snapdragon +CVE-2021-1887 (An assertion can be reached in the WLAN subsystem while using the Wi-F ...) 
+ NOT-FOR-US: Snapdragon +CVE-2021-1886 (Incorrect handling of pointers in trusted application key import mecha ...) + NOT-FOR-US: Snapdragon +CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1884 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-1883 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1882 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1881 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1880 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...) + NOT-FOR-US: Apple +CVE-2021-1878 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1877 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1876 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-1875 (A double free issue was addressed with improved memory management. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1874 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed with impro ...) + NOT-FOR-US: Apple +CVE-2021-1872 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1871 (A logic issue was addressed with improved restrictions. This issue is ...) 
+ {DSA-4923-1} + - webkit2gtk 2.32.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.0-2 + NOTE: https://webkitgtk.org/security/WSA-2021-0003.html +CVE-2021-1870 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0002.html +CVE-2021-1869 + RESERVED +CVE-2021-1868 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1867 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1866 + RESERVED +CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with improve ...) + NOT-FOR-US: Apple +CVE-2021-1864 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-1863 (An issue existed with authenticating the action triggered by an NFC ta ...) + NOT-FOR-US: Apple +CVE-2021-1862 (Description: A person with physical access may be able to access conta ...) + NOT-FOR-US: Apple +CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was address ...) + NOT-FOR-US: Apple +CVE-2021-1860 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2021-1859 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary code exec ...) + NOT-FOR-US: Apple +CVE-2021-1857 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2021-1856 + RESERVED +CVE-2021-1855 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1854 (A call termination issue with was addressed with improved logic. 
This ...) + NOT-FOR-US: Apple +CVE-2021-1853 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1852 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1851 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1850 + RESERVED +CVE-2021-1849 (An issue in code signature validation was addressed with improved chec ...) + NOT-FOR-US: Apple +CVE-2021-1848 (The issue was addressed with improved UI handling. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2021-1847 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1846 (Processing a maliciously crafted audio file may disclose restricted me ...) + NOT-FOR-US: Apple +CVE-2021-1845 + RESERVED +CVE-2021-1844 (A memory corruption issue was addressed with improved validation. This ...) + {DSA-4923-1} + - webkit2gtk 2.32.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.0-2 + NOTE: https://webkitgtk.org/security/WSA-2021-0003.html +CVE-2021-1843 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1842 + RESERVED +CVE-2021-1841 (A malicious application may be able to execute arbitrary code with ker ...) + NOT-FOR-US: Apple +CVE-2021-1840 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1839 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1838 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1837 (A certificate validation issue was addressed. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2021-1836 (A logic issue was addressed with improved restrictions. This issue is ...) 
+ NOT-FOR-US: Apple +CVE-2021-1835 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-1833 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1832 (Copied files may not have the expected file permissions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1831 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1830 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1829 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1828 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1827 + RESERVED +CVE-2021-1826 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4797-1} + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-1825 (An input validation issue was addressed with improved input validation ...) + {DSA-4797-1} + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-1824 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2021-1823 + RESERVED +CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...) 
+ {DSA-4797-1} + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-1819 + RESERVED +CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1817 (A memory corruption issue was addressed with improved state management ...) + {DSA-4797-1} + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html +CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-1815 (A parsing issue in the handling of directory paths was addressed with ...) + NOT-FOR-US: Apple +CVE-2021-1814 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1813 (A validation issue was addressed with improved logic. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-1812 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-1811 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1810 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1809 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1808 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2021-1807 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1806 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...) 
+ NOT-FOR-US: Apple +CVE-2021-1804 + RESERVED +CVE-2021-1803 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1802 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) + {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0002.html +CVE-2021-1800 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2021-1799 (A port redirection issue was addressed with additional port validation ...) + {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0002.html +CVE-2021-1798 + RESERVED +CVE-2021-1797 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-1796 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1795 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1794 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1793 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1792 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1791 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + NOT-FOR-US: Apple +CVE-2021-1790 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1789 (A type confusion issue was addressed with improved state handling. Thi ...) 
+ {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0002.html +CVE-2021-1788 (A use after free issue was addressed with improved memory management. ...) + {DSA-4923-1} + - webkit2gtk 2.32.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.0-2 + NOTE: https://webkitgtk.org/security/WSA-2021-0003.html +CVE-2021-1787 (Multiple issues were addressed with improved logic. This issue is fixe ...) + NOT-FOR-US: Apple +CVE-2021-1786 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was addressed wit ...) + NOT-FOR-US: Apple +CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...) + NOT-FOR-US: Apple +CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-1781 (A privacy issue existed in the handling of Contact cards. This was add ...) + NOT-FOR-US: Apple +CVE-2021-1780 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2021-1779 (A logic error in kext loading was addressed with improved state handli ...) + NOT-FOR-US: Apple +CVE-2021-1778 (An out-of-bounds read issue existed in the curl. This issue was addres ...) + NOT-FOR-US: Apple +CVE-2021-1777 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1776 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-1775 (This issue was addressed by removing the vulnerable code. This issue i ...) 
+ NOT-FOR-US: Apple +CVE-2021-1774 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1773 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1772 (A stack overflow was addressed with improved input validation. This is ...) + NOT-FOR-US: Apple +CVE-2021-1771 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This issue i ...) + NOT-FOR-US: Apple +CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1767 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1766 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) + {DSA-4877-1} + - webkit2gtk 2.30.6-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.6-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0002.html +CVE-2021-1764 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-1762 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-1759 (An out-of-bounds read was addressed with improved input validation. Th ...) 
+ NOT-FOR-US: Apple +CVE-2021-1758 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1757 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1756 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1755 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1754 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1753 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1752 + RESERVED +CVE-2021-1751 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-1750 (Multiple issues were addressed with improved logic. This issue is fixe ...) + NOT-FOR-US: Apple +CVE-2021-1749 + RESERVED +CVE-2021-1748 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1747 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1746 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1745 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1744 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1743 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-1740 (A parsing issue in the handling of directory paths was addressed with ...) 
+ NOT-FOR-US: Apple +CVE-2021-1739 (A parsing issue in the handling of directory paths was addressed with ...) + NOT-FOR-US: Apple +CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-1736 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-1735 + RESERVED +CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-1729 (Windows Update Stack Setup Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...) + NOT-FOR-US: Bot Framework SDK +CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...) + NOT-FOR-US: ASP.NET Core and Visual Studio +CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...) 
+ NOT-FOR-US: Microsoft .NET +CVE-2021-1720 + RESERVED +CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1689 (Windows Multipoint Management Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1688 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1687 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1686 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1681 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1680 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-1679 (Windows CryptoAPI Denial of Service Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1678 (NTLM Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1672 (Windows Projected File System FS Filter Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-1671 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1670 (Windows Projected File System FS Filter Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-1669 (Windows Remote Desktop Security Feature Bypass Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1668 (Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1667 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-1666 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1665 (GDI+ Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1664 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1663 (Windows Projected File System FS Filter Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-1662 (Windows Event Tracing Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1661 (Windows Installer Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1660 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1659 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1658 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1653 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1652 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2021-1651 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-1650 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-1649 (Active Template Library Elevation of Privilege Vulnerability ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-1648 (Microsoft splwow64 Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1647 (Microsoft Defender Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1646 (Windows WLAN Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1645 (Windows Docker Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1644 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1643 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1636 (Microsoft SQL Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2021-1635 + RESERVED +CVE-2021-1634 + RESERVED +CVE-2021-1633 + RESERVED +CVE-2021-1632 + RESERVED +CVE-2021-1631 + RESERVED +CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...) + NOT-FOR-US: Salesforce +CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...) + NOT-FOR-US: Tableau Server +CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...) + NOT-FOR-US: Tableau Server +CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...) 
+ NOT-FOR-US: MuleSoft +CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...) + NOT-FOR-US: MuleSoft +CVE-2021-1625 (A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2021-1624 (A vulnerability in the Rate Limiting Network Address Translation (NAT) ...) + NOT-FOR-US: Cisco +CVE-2021-1623 (A vulnerability in the Simple Network Management Protocol (SNMP) punt ...) + NOT-FOR-US: Cisco +CVE-2021-1622 (A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2021-1621 (A vulnerability in the Layer 2 punt code of Cisco IOS XE Software coul ...) + NOT-FOR-US: Cisco +CVE-2021-1620 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support ...) + NOT-FOR-US: Cisco +CVE-2021-1619 (A vulnerability in the authentication, authorization, and accounting ( ...) + NOT-FOR-US: Cisco +CVE-2021-1618 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1617 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1616 (A vulnerability in the H.323 application level gateway (ALG) used by t ...) + NOT-FOR-US: Cisco +CVE-2021-1615 (A vulnerability in the packet processing functionality of Cisco Embedd ...) + NOT-FOR-US: Cisco +CVE-2021-1614 (A vulnerability in the Multiprotocol Label Switching (MPLS) packet han ...) + NOT-FOR-US: Cisco +CVE-2021-1613 + RESERVED +CVE-2021-1612 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1611 (A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the ...) + NOT-FOR-US: Cisco +CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1608 + RESERVED +CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1606 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1605 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...) + NOT-FOR-US: Cisco +CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...) + NOT-FOR-US: Cisco +CVE-2021-1599 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) + NOT-FOR-US: Cisco +CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) + NOT-FOR-US: Cisco +CVE-2021-1596 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) + NOT-FOR-US: Cisco +CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...) + NOT-FOR-US: Cisco +CVE-2021-1594 (A vulnerability in the REST API of Cisco Identity Services Engine (ISE ...) + NOT-FOR-US: Cisco +CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...) + NOT-FOR-US: Cisco +CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...) + NOT-FOR-US: Cisco +CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...) + NOT-FOR-US: Cisco +CVE-2021-1589 (A vulnerability in the disaster recovery feature of Cisco SD-WAN vMana ...) + NOT-FOR-US: Cisco +CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...) + NOT-FOR-US: Cisco +CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...) + NOT-FOR-US: Cisco +CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations ...) + NOT-FOR-US: Cisco +CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...) + NOT-FOR-US: Cisco +CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...) + NOT-FOR-US: Cisco +CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...) + NOT-FOR-US: Cisco +CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...) + NOT-FOR-US: Cisco +CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...) + NOT-FOR-US: Cisco +CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...) + NOT-FOR-US: Cisco +CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) + NOT-FOR-US: Cisco +CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) + NOT-FOR-US: Cisco +CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...) + NOT-FOR-US: Cisco +CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...) + NOT-FOR-US: Cisco +CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...) + NOT-FOR-US: Cisco +CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...) + NOT-FOR-US: Cisco +CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...) + NOT-FOR-US: Cisco +CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...) + NOT-FOR-US: Cisco +CVE-2021-1565 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) + NOT-FOR-US: Cisco +CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...) + NOT-FOR-US: Cisco +CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...) + NOT-FOR-US: Cisco +CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco BroadWorks Appli ...) + NOT-FOR-US: Cisco +CVE-2021-1561 (A vulnerability in the spam quarantine feature of Cisco Secure Email a ...) + NOT-FOR-US: Cisco +CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1559 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1558 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1557 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1556 + RESERVED +CVE-2021-1555 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1554 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1553 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1552 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1551 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1550 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1549 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1548 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1547 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1546 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1545 + RESERVED +CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...) + NOT-FOR-US: Cisco +CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...) + NOT-FOR-US: Cisco +CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...) + NOT-FOR-US: Cisco +CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...) + NOT-FOR-US: Cisco +CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...) + NOT-FOR-US: Cisco +CVE-2021-1534 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2021-1533 + RESERVED +CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...) + NOT-FOR-US: Cisco +CVE-2021-1531 (A vulnerability in the web UI of Cisco Modeling Labs could allow an au ...) + NOT-FOR-US: Cisco +CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...) + NOT-FOR-US: Cisco +CVE-2021-1529 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...) + NOT-FOR-US: Cisco +CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...) + NOT-FOR-US: Cisco +CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...) + NOT-FOR-US: Cisco +CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...) + NOT-FOR-US: Cisco +CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...) + NOT-FOR-US: Cisco +CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...) + NOT-FOR-US: Cisco +CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1518 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...) + NOT-FOR-US: Cisco +CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...) + NOT-FOR-US: Cisco +CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...) + NOT-FOR-US: Cisco +CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could ...) + NOT-FOR-US: Cisco +CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1510 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1509 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1508 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1507 (A vulnerability in an API of Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1506 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) + NOT-FOR-US: Cisco +CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...) + NOT-FOR-US: Cisco +CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...) + NOT-FOR-US: Cisco +CVE-2021-1500 (A vulnerability in the web-based management interface of Cisco Webex V ...) + NOT-FOR-US: Cisco +CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...) + NOT-FOR-US: Cisco +CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) + NOT-FOR-US: Cisco +CVE-2021-1494 + RESERVED +CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...) + NOT-FOR-US: Duo Authentication Proxy +CVE-2021-1491 + RESERVED +CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...) + NOT-FOR-US: Cisco +CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...) + NOT-FOR-US: Cisco +CVE-2021-1487 (A vulnerability in the web-based management interface of Cisco Prime I ...) + NOT-FOR-US: Cisco +CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...) + NOT-FOR-US: Cisco +CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1484 + RESERVED +CVE-2021-1483 + RESERVED +CVE-2021-1482 + RESERVED +CVE-2021-1481 + RESERVED +CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1478 (A vulnerability in the Java Management Extensions (JMX) component of C ...) + NOT-FOR-US: Cisco +CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...) + NOT-FOR-US: Cisco +CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...) + NOT-FOR-US: Cisco +CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) + NOT-FOR-US: Cisco +CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...) + NOT-FOR-US: Cisco +CVE-2021-1473 (Multiple vulnerabilities exist in the web-based management interface o ...) + NOT-FOR-US: Cisco +CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interface o ...) + NOT-FOR-US: Cisco +CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1470 + RESERVED +CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1466 + RESERVED +CVE-2021-1465 + RESERVED +CVE-2021-1464 + RESERVED +CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-1462 + RESERVED +CVE-2021-1461 + RESERVED +CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...) + NOT-FOR-US: Cisco +CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...) + NOT-FOR-US: Cisco +CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software f ...) + NOT-FOR-US: Cisco +CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS) feature of ...) + NOT-FOR-US: Cisco +CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...) + NOT-FOR-US: Cisco +CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) + NOT-FOR-US: Cisco +CVE-2021-1447 (A vulnerability in the user account management system of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) + NOT-FOR-US: Cisco +CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...) + NOT-FOR-US: Cisco +CVE-2021-1444 + RESERVED +CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...) + NOT-FOR-US: Cisco +CVE-2021-1440 + RESERVED +CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...) + NOT-FOR-US: Cisco +CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...) + NOT-FOR-US: Cisco +CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...) + NOT-FOR-US: Cisco +CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...) + NOT-FOR-US: Cisco +CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...) + NOT-FOR-US: Cisco +CVE-2021-1430 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1429 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1428 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...) + NOT-FOR-US: Cisco +CVE-2021-1425 + RESERVED +CVE-2021-1424 + RESERVED +CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...) + NOT-FOR-US: Cisco +CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...) + NOT-FOR-US: Cisco +CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...) + NOT-FOR-US: Cisco +CVE-2021-1419 (A vulnerability in the SSH management feature of multiple Cisco Access ...) + NOT-FOR-US: Cisco +CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) + NOT-FOR-US: Cisco +CVE-2021-1415 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1414 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1413 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...) + NOT-FOR-US: Cisco +CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...) + NOT-FOR-US: Cisco +CVE-2021-1410 + RESERVED +CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...) + NOT-FOR-US: Cisco +CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...) 
+ {DLA-2626-1} + - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) + [buster] - clamav 0.103.2+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html +CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...) + - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) + [buster] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1) + [stretch] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1) + NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html +CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) + NOT-FOR-US: Cisco +CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-1401 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1400 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...) + NOT-FOR-US: Cisco +CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco Integra ...) + NOT-FOR-US: Cisco +CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...) + NOT-FOR-US: Cisco +CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...) + NOT-FOR-US: Cisco +CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...) + NOT-FOR-US: Cisco +CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE Software cou ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of Cisco IO ...) + NOT-FOR-US: Cisco +CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...) + NOT-FOR-US: Cisco +CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...) + NOT-FOR-US: Cisco +CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-1386 (A vulnerability in the dynamic link library (DLL) loading mechanism in ...) + NOT-FOR-US: Cisco +CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...) + NOT-FOR-US: Cisco +CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...) + NOT-FOR-US: Cisco +CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...) + NOT-FOR-US: Cisco +CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1379 + RESERVED +CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...) + NOT-FOR-US: Cisco +CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...) + NOT-FOR-US: Cisco +CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...) + NOT-FOR-US: Cisco +CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco IOS XE ...) + NOT-FOR-US: Cisco +CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...) + NOT-FOR-US: Cisco +CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE SD-WA ...) + NOT-FOR-US: Cisco +CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...) + NOT-FOR-US: Cisco +CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) + NOT-FOR-US: Cisco +CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...) + NOT-FOR-US: Cisco +CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1365 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) + NOT-FOR-US: Cisco +CVE-2021-1363 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...) + NOT-FOR-US: Cisco +CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...) + NOT-FOR-US: Cisco +CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1359 (A vulnerability in the configuration management of Cisco AsyncOS for C ...) + NOT-FOR-US: Cisco +CVE-2021-1358 (A vulnerability in the web-based management interface of Cisco Finesse ...) + NOT-FOR-US: Cisco +CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) + NOT-FOR-US: Cisco +CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) + NOT-FOR-US: Cisco +CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco Unifi ...) + NOT-FOR-US: Cisco +CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...) + NOT-FOR-US: Cisco +CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol process ...) + NOT-FOR-US: Cisco +CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...) + NOT-FOR-US: Cisco +CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...) + NOT-FOR-US: Cisco +CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + NOT-FOR-US: Cisco +CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1333 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1332 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1331 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1330 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1329 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1328 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1327 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1326 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1325 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1324 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1323 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1322 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1321 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1320 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1319 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1318 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1317 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1316 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1315 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1314 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1313 (Multiple vulnerabilities in the ingress packet processing function of ...) + NOT-FOR-US: Cisco +CVE-2021-1312 (A vulnerability in the system resource management of Cisco Elastic Ser ...) + NOT-FOR-US: Cisco +CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex Meetin ...) + NOT-FOR-US: Cisco +CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...) + NOT-FOR-US: Cisco +CVE-2021-1309 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-1308 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1306 (A vulnerability in the restricted shell of Cisco Evolved Programmable ...) + NOT-FOR-US: Cisco +CVE-2021-1305 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1304 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1303 (A vulnerability in the user management roles of Cisco DNA Center could ...) + NOT-FOR-US: Cisco +CVE-2021-1302 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1301 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1300 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1299 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1298 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1297 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1296 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1295 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1294 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1293 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1292 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1291 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1290 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1289 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing function of ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV132W ...) + NOT-FOR-US: Cisco +CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1285 + RESERVED +CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...) + NOT-FOR-US: Cisco +CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...) + NOT-FOR-US: Cisco +CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN Software coul ...) + NOT-FOR-US: Cisco +CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...) + NOT-FOR-US: Cisco +CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1278 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...) + NOT-FOR-US: Cisco +CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...) + NOT-FOR-US: Cisco +CVE-2021-1275 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1272 (A vulnerability in the session validation feature of Cisco Data Center ...) + NOT-FOR-US: Cisco +CVE-2021-1271 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2021-1270 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1269 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1268 (A vulnerability in the IPv6 protocol handling of the management interf ...) + NOT-FOR-US: Cisco +CVE-2021-1267 (A vulnerability in the dashboard widget of Cisco Firepower Management ...) + NOT-FOR-US: Cisco +CVE-2021-1266 (A vulnerability in the REST API of Cisco Managed Services Accelerator ...) + NOT-FOR-US: Cisco +CVE-2021-1265 (A vulnerability in the configuration archive functionality of Cisco DN ...) + NOT-FOR-US: Cisco +CVE-2021-1264 (A vulnerability in the Command Runner tool of Cisco DNA Center could a ...) + NOT-FOR-US: Cisco +CVE-2021-1263 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1262 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1261 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1260 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...) + NOT-FOR-US: Cisco +CVE-2021-1259 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + NOT-FOR-US: Cisco +CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secure Mo ...) + NOT-FOR-US: Cisco +CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...) + NOT-FOR-US: Cisco +CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...) + NOT-FOR-US: Cisco +CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) + NOT-FOR-US: Cisco +CVE-2021-1254 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...) + - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790) + [buster] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1) + [stretch] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1) + NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html +CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...) + NOT-FOR-US: Cisco +CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...) + NOT-FOR-US: Cisco +CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1244 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...) + NOT-FOR-US: Cisco +CVE-2021-1243 (A vulnerability in the Local Packet Transport Services (LPTS) programm ...) + NOT-FOR-US: Cisco +CVE-2021-1242 (A vulnerability in Cisco Webex Teams could allow an unauthenticated, r ...) + NOT-FOR-US: Cisco +CVE-2021-1241 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...) + NOT-FOR-US: Cisco +CVE-2021-1240 (A vulnerability in the loading process of specific DLLs in Cisco Proxi ...) + NOT-FOR-US: Cisco +CVE-2021-1239 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...) + NOT-FOR-US: Cisco +CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...) + NOT-FOR-US: Cisco +CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...) + NOT-FOR-US: Cisco +CVE-2021-1234 + RESERVED +CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-1232 + RESERVED +CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus ...) + NOT-FOR-US: Cisco +CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...) + NOT-FOR-US: Cisco +CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS S ...) + NOT-FOR-US: Cisco +CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection establish ...) + NOT-FOR-US: Cisco +CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) + NOT-FOR-US: Cisco +CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...) + NOT-FOR-US: Cisco +CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...) + NOT-FOR-US: Cisco +CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) + NOT-FOR-US: Cisco +CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...) + NOT-FOR-US: Cisco +CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings and Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...) + NOT-FOR-US: Cisco +CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...) + NOT-FOR-US: Cisco +CVE-2021-1217 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1216 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1215 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1214 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1213 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1212 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1211 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1210 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1209 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1208 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1207 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1206 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1205 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1204 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1203 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1202 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1201 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1200 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1199 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1198 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1197 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1196 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1195 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1194 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1193 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1192 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1191 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1190 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1189 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1188 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1187 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1186 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1185 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1184 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1183 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1182 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1181 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1180 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1179 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1178 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1177 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1176 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1175 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1174 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1173 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1172 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1171 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1170 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1169 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1168 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1167 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1166 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1165 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1164 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1163 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1162 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1161 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1160 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1159 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1158 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1157 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1156 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1155 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1154 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1153 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1152 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1151 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1150 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1149 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1148 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1147 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1146 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-1145 (A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR ...) + NOT-FOR-US: Cisco +CVE-2021-1144 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...) + NOT-FOR-US: Cisco +CVE-2021-1143 (A vulnerability in Cisco Connected Mobile Experiences (CMX) API author ...) + NOT-FOR-US: Cisco +CVE-2021-1142 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) + NOT-FOR-US: Cisco +CVE-2021-1141 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) + NOT-FOR-US: Cisco +CVE-2021-1140 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) + NOT-FOR-US: Cisco +CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) + NOT-FOR-US: Cisco +CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...) + NOT-FOR-US: Cisco +CVE-2021-1137 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...) + NOT-FOR-US: Cisco +CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) + NOT-FOR-US: Cisco +CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integratio ...) 
+ NOT-FOR-US: Cisco +CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...) + NOT-FOR-US: Cisco +CVE-2021-1132 + RESERVED +CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + NOT-FOR-US: Cisco +CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...) + NOT-FOR-US: Cisco +CVE-2021-1129 (A vulnerability in the authentication for the general purpose APIs imp ...) + NOT-FOR-US: Cisco +CVE-2021-1128 (A vulnerability in the CLI parser of Cisco IOS XR Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-1127 (A vulnerability in the web-based management interface of Cisco Enterpr ...) + NOT-FOR-US: Cisco +CVE-2021-1126 (A vulnerability in the storage of proxy server credentials of Cisco Fi ...) + NOT-FOR-US: Cisco +CVE-2021-1125 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-1124 + RESERVED +CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA +CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...) + NOT-FOR-US: NVIDIA +CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...) + NOT-FOR-US: NVIDIA +CVE-2021-1113 (NVIDIA camera firmware contains a difficult to exploit vulnerability w ...) + NOT-FOR-US: NVIDIA +CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...) + NOT-FOR-US: NVIDIA +CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...) + NOT-FOR-US: NVIDIA +CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...) + NOT-FOR-US: NVIDIA +CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...) + NOT-FOR-US: NVIDIA +CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...) + NOT-FOR-US: NVIDIA +CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...) + NOT-FOR-US: NVIDIA +CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...) + NOT-FOR-US: NVIDIA +CVE-2021-1105 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...) + NOT-FOR-US: RISC-V +CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1101 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1100 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1099 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) 
+ NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1098 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows +CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + {DLA-2888-1} + - nvidia-graphics-drivers 460.91.03-1 (bug #991351) + [buster] - nvidia-graphics-drivers 418.211.00-1 + - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 + - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) + - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) + - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 +CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ {DLA-2888-1} + - nvidia-graphics-drivers 460.91.03-1 (bug #991351) + [buster] - nvidia-graphics-drivers 418.211.00-1 + - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 + - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) + - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) + - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 +CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + {DLA-2888-1} + - nvidia-graphics-drivers 460.91.03-1 (bug #991351) + [buster] - nvidia-graphics-drivers 418.211.00-1 + - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1 + - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357) + - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356) + - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355) + - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211 +CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...) + NOT-FOR-US: NVIDIA GPU Display driver for Windows +CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + NOT-FOR-US: NVIDIA GPU Display driver for Windows + NOTE: CVE description is wrong, per https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows +CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2021-1088 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...) + NOT-FOR-US: NVIDIA +CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...) + NOT-FOR-US: NVIDIA +CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...) 
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows +CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver ...) + - nvidia-graphics-drivers 460.73.01-1 (bug #987216) + [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected) + - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221) + - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222) +CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) + {DLA-2888-1} + - nvidia-graphics-drivers 460.73.01-1 (bug #987216) + [buster] - nvidia-graphics-drivers 418.197.02-1 + - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.143-1 (bug #987218) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 418.197.02-1 (bug #987219) + - nvidia-graphics-drivers-tesla-440 <removed> (bug #987220) + - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221) + - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222) +CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows +CVE-2021-1074 (NVIDIA GPU Display Driver for Windows installer contains a vulnerabili ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows +CVE-2021-1073 (NVIDIA GeForce Experience, all versions prior to 3.23, contains a vuln ...) + NOT-FOR-US: NVIDIA +CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...) 
+ NOT-FOR-US: NVIDIA GeForce Experience +CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...) + NOT-FOR-US: NVIDIA +CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...) + NOT-FOR-US: NVIDIA +CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) + NOT-FOR-US: NVIDIA +CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) + NOT-FOR-US: NVIDIA +CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...) + NOT-FOR-US: NVIDIA +CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...) + NOT-FOR-US: NVIDIA vGPU manager +CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...) + NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager +CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...) 
+ {DLA-2888-1} + - nvidia-graphics-drivers 460.32.03-1 (bug #979670) + [buster] - nvidia-graphics-drivers 418.181.07-1 + - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671) + [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672) + [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 + - nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673) + - nvidia-graphics-drivers-tesla-440 <removed> (bug #979674) + - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) +CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) + - nvidia-graphics-drivers 460.32.03-1 (bug #979670) + [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected) + - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) +CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...) + - nvidia-graphics-drivers 460.32.03-1 (bug #979670) + [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported) + [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected) + - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675) +CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2021-1050 + RESERVED +CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...) 
+ NOT-FOR-US: Unisoc +CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...) + - linux 5.8.10-1 + [buster] - linux 4.19.146-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/77f4689de17c0887775bb77896f4cc11a39bf848 (5.9-rc4) +CVE-2021-1047 (In valid_ipc_dram_addr of cm_access_control.c, there is a possible out ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1046 (In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1045 (Product: AndroidVersions: Android kernelAndroid ID: A-195580473Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1044 (In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1043 (In TBD of TBD, there is a possible downgrade attack due to under utili ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible d ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...) + NOT-FOR-US: Google Pixel components +CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...) + NOT-FOR-US: Android +CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...) + NOT-FOR-US: Android +CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...) + NOT-FOR-US: Android +CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...) 
+ NOT-FOR-US: Android +CVE-2021-1033 + RESERVED +CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...) + NOT-FOR-US: Android +CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...) + NOT-FOR-US: Android +CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...) + NOT-FOR-US: Android +CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...) + NOT-FOR-US: Android +CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...) + NOT-FOR-US: Android +CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...) + NOT-FOR-US: Android +CVE-2021-1021 (In snoozeNotificationInt of NotificationManagerService.java, there is ...) + NOT-FOR-US: Android +CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...) + NOT-FOR-US: Android +CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...) 
+ NOT-FOR-US: Android +CVE-2021-1015 (In getMeidForSlot of PhoneInterfaceManager.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-1014 (In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is ...) + NOT-FOR-US: Android +CVE-2021-1013 (In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of P ...) + NOT-FOR-US: Android +CVE-2021-1012 (In onResume of NotificationAccessDetails.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-1011 (In setPackageStoppedState of PackageManagerService.java, there is a mi ...) + NOT-FOR-US: Android +CVE-2021-1010 (In getSigningKeySet of PackageManagerService.java, there is a missing ...) + NOT-FOR-US: Android +CVE-2021-1009 (In setApplicationCategoryHint of PackageManagerService.java, there is ...) + NOT-FOR-US: Android +CVE-2021-1008 (In addSubInfo of SubscriptionController.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-1007 (In btu_hcif_process_event of btu_hcif.cc, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2021-1006 (In several functions of DatabaseManager.java, there is a possible leak ...) + NOT-FOR-US: Android +CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a po ...) + NOT-FOR-US: Android +CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...) + NOT-FOR-US: Android +CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2021-1000 + RESERVED +CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...) 
+ NOT-FOR-US: Android +CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...) + NOT-FOR-US: Android +CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2021-0995 (In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, ...) + NOT-FOR-US: Android +CVE-2021-0994 (In requestRouteToHostAddress of ConnectivityService.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0993 (In getOffsetBeforeAfter of TextLine.java, there is a possible denial o ...) + NOT-FOR-US: Android +CVE-2021-0992 (In onCreate of PaymentDefaultDialog.java, there is a possible way to c ...) + NOT-FOR-US: Android +CVE-2021-0991 (In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderControll ...) + NOT-FOR-US: Android +CVE-2021-0990 (In getDeviceId of PhoneSubInfoController.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-0989 (In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there i ...) + NOT-FOR-US: Android +CVE-2021-0988 (In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientCont ...) + NOT-FOR-US: Android +CVE-2021-0987 (In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a po ...) + NOT-FOR-US: Android +CVE-2021-0986 (In hasGrantedPolicy of DevicePolicyManagerService.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0985 (In onReceive of AlertReceiver.java, there is a possible way to dismiss ...) + NOT-FOR-US: Android +CVE-2021-0984 (In onNullBinding of ManagedServices.java, there is a possible permissi ...) + NOT-FOR-US: Android +CVE-2021-0983 (In createAdminSupportIntent of DevicePolicyManagerService.java, there ...) + NOT-FOR-US: Android +CVE-2021-0982 (In getOrganizationNameForUser of DevicePolicyManagerService.java, ther ...) + NOT-FOR-US: Android +CVE-2021-0981 (In enqueueNotificationInternal of NotificationManagerService.java, the ...) 
+ NOT-FOR-US: Android +CVE-2021-0980 + RESERVED +CVE-2021-0979 (In isRequestPinItemSupported of ShortcutService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, there i ...) + NOT-FOR-US: Android +CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...) + NOT-FOR-US: Android +CVE-2021-0975 + RESERVED +CVE-2021-0974 + RESERVED +CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...) + NOT-FOR-US: Android +CVE-2021-0972 + RESERVED +CVE-2021-0971 (In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of ...) + NOT-FOR-US: Google Play +CVE-2021-0970 (In createFromParcel of GpsNavigationMessage.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0969 (In getTitle of AccessPoint.java, there is a possible unhandled excepti ...) + NOT-FOR-US: Android +CVE-2021-0968 (In osi_malloc and osi_calloc of allocator.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-0967 (In vorbis_book_decodev_set of codebook.c, there is a possible out of b ...) + NOT-FOR-US: Google Play +CVE-2021-0966 (In code generated by BuildParcelFields of generate_cpp.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2021-0965 (In AndroidManifest.xml of Settings, there is a possible pairing of a B ...) + NOT-FOR-US: Android +CVE-2021-0964 (In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out o ...) + NOT-FOR-US: Google Play +CVE-2021-0963 (In onCreate of KeyChainActivity.java, there is a possible way to use a ...) + NOT-FOR-US: Android +CVE-2021-0962 + RESERVED +CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...) 
+ - linux <not-affected> (Android-specific xt_quota2 code) + NOTE: https://source.android.com/security/bulletin/2021-12-01 +CVE-2021-0960 + RESERVED +CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...) + NOT-FOR-US: Android +CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...) + NOT-FOR-US: Android +CVE-2021-0957 + RESERVED +CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...) + NOT-FOR-US: Android +CVE-2021-0954 (In ResolverActivity, there is a possible user interaction bypass due t ...) + NOT-FOR-US: Android +CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...) + NOT-FOR-US: Android +CVE-2021-0951 + RESERVED +CVE-2021-0950 + RESERVED +CVE-2021-0949 + RESERVED +CVE-2021-0948 + RESERVED +CVE-2021-0947 + RESERVED +CVE-2021-0946 + RESERVED +CVE-2021-0945 + RESERVED +CVE-2021-0944 + RESERVED +CVE-2021-0943 + RESERVED +CVE-2021-0942 + RESERVED +CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...) + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae +CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...) + NOT-FOR-US: Pixel components +CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of ...) + NOT-FOR-US: Pixel components +CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...) 
+ - linux 5.9.15-1 (unimportant) + [buster] - linux 4.19.171-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 + NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329 +CVE-2021-0937 + RESERVED + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 + NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d + NOTE: Duplicate of CVE-2021-22555 +CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...) + - linux <not-affected> (Pixel or Android-specific driver) + NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 +CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...) + - linux 4.15.17-1 + [stretch] - linux 4.9.258-1 + NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4 + NOTE: https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5 + NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01 +CVE-2021-0934 + RESERVED +CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...) + NOT-FOR-US: Android +CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0931 (In getAlias of BluetoothDevice.java, there is a possible way to create ...) + NOT-FOR-US: Android +CVE-2021-0930 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0929 (In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ...) + - linux 5.6.4-1 (unimportant) + NOTE: https://source.android.com/security/bulletin/2021-11-01 + NOTE: CONFIG_ION not enabled in Debian +CVE-2021-0928 (In createFromParcel of OutputConfiguration.java, there is a possible p ...) 
+ NOT-FOR-US: Android media framework +CVE-2021-0927 (In requestChannelBrowsable of TvInputManagerService.java, there is a p ...) + NOT-FOR-US: Android TV +CVE-2021-0926 (In onCreate of NfcImportVCardActivity.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-0925 (In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2021-0924 (In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...) + - linux <not-affected> (Android-specific XHCI patch) + NOTE: https://source.android.com/security/bulletin/2021-11-01 + NOTE: https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497 +CVE-2021-0923 (In createOrUpdate of Permission.java, there is a possible way to gain ...) + NOT-FOR-US: Android +CVE-2021-0922 (In enforceCrossUserOrProfilePermission of PackageManagerService.java, ...) + NOT-FOR-US: Android +CVE-2021-0921 (In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...) + {DLA-2843-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca + NOTE: https://source.android.com/security/bulletin/2021-11-01 +CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...) + NOT-FOR-US: Android +CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...) 
+ NOT-FOR-US: Android +CVE-2021-0917 + RESERVED +CVE-2021-0916 + RESERVED +CVE-2021-0915 + RESERVED +CVE-2021-0914 + RESERVED +CVE-2021-0913 + RESERVED +CVE-2021-0912 + RESERVED +CVE-2021-0911 + RESERVED +CVE-2021-0910 + RESERVED +CVE-2021-0909 + RESERVED +CVE-2021-0908 + RESERVED +CVE-2021-0907 + RESERVED +CVE-2021-0906 + RESERVED +CVE-2021-0905 + RESERVED +CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0892 + RESERVED +CVE-2021-0891 + RESERVED +CVE-2021-0890 + RESERVED +CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...) 
+ NOT-FOR-US: Android TV +CVE-2021-0888 + RESERVED +CVE-2021-0887 + RESERVED +CVE-2021-0886 + RESERVED +CVE-2021-0885 + RESERVED +CVE-2021-0884 + RESERVED +CVE-2021-0883 + RESERVED +CVE-2021-0882 + RESERVED +CVE-2021-0881 + RESERVED +CVE-2021-0880 + RESERVED +CVE-2021-0879 + RESERVED +CVE-2021-0878 + RESERVED +CVE-2021-0877 + RESERVED +CVE-2021-0876 + RESERVED +CVE-2021-0875 + RESERVED +CVE-2021-0874 + RESERVED +CVE-2021-0873 + RESERVED +CVE-2021-0872 + RESERVED +CVE-2021-0871 + RESERVED +CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...) + NOT-FOR-US: Android +CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-0868 + RESERVED +CVE-2021-0867 + RESERVED +CVE-2021-0866 + RESERVED +CVE-2021-0865 + RESERVED +CVE-2021-0864 + RESERVED +CVE-2021-0863 + RESERVED +CVE-2021-0862 + RESERVED +CVE-2021-0861 + RESERVED +CVE-2021-0860 + RESERVED +CVE-2021-0859 + RESERVED +CVE-2021-0858 + RESERVED +CVE-2021-0857 + RESERVED +CVE-2021-0856 + RESERVED +CVE-2021-0855 + RESERVED +CVE-2021-0854 + RESERVED +CVE-2021-0853 + RESERVED +CVE-2021-0852 + RESERVED +CVE-2021-0851 + RESERVED +CVE-2021-0850 + RESERVED +CVE-2021-0849 + RESERVED +CVE-2021-0848 + RESERVED +CVE-2021-0847 + RESERVED +CVE-2021-0846 + RESERVED +CVE-2021-0845 + RESERVED +CVE-2021-0844 + RESERVED +CVE-2021-0843 + RESERVED +CVE-2021-0842 + RESERVED +CVE-2021-0841 + RESERVED +CVE-2021-0840 + RESERVED +CVE-2021-0839 + RESERVED +CVE-2021-0838 + RESERVED +CVE-2021-0837 + RESERVED +CVE-2021-0836 + RESERVED +CVE-2021-0835 + RESERVED +CVE-2021-0834 + RESERVED +CVE-2021-0833 + RESERVED +CVE-2021-0832 + RESERVED +CVE-2021-0831 + RESERVED +CVE-2021-0830 + RESERVED +CVE-2021-0829 + RESERVED +CVE-2021-0828 + RESERVED +CVE-2021-0827 + RESERVED +CVE-2021-0826 + RESERVED +CVE-2021-0825 + RESERVED +CVE-2021-0824 + RESERVED +CVE-2021-0823 + RESERVED +CVE-2021-0822 + RESERVED +CVE-2021-0821 + RESERVED +CVE-2021-0820 + RESERVED 
+CVE-2021-0819 + RESERVED +CVE-2021-0818 + RESERVED +CVE-2021-0817 + RESERVED +CVE-2021-0816 + RESERVED +CVE-2021-0815 + RESERVED +CVE-2021-0814 + RESERVED +CVE-2021-0813 + RESERVED +CVE-2021-0812 + RESERVED +CVE-2021-0811 + RESERVED +CVE-2021-0810 + RESERVED +CVE-2021-0809 + RESERVED +CVE-2021-0808 + RESERVED +CVE-2021-0807 + RESERVED +CVE-2021-0806 + RESERVED +CVE-2021-0805 + RESERVED +CVE-2021-0804 + RESERVED +CVE-2021-0803 + RESERVED +CVE-2021-0802 + RESERVED +CVE-2021-0801 + RESERVED +CVE-2021-0800 + RESERVED +CVE-2021-0799 (In ActivityThread.java, there is a possible way to collide the content ...) + NOT-FOR-US: Android +CVE-2021-0798 + RESERVED +CVE-2021-0797 + RESERVED +CVE-2021-0796 + RESERVED +CVE-2021-0795 + RESERVED +CVE-2021-0794 + RESERVED +CVE-2021-0793 + RESERVED +CVE-2021-0792 + RESERVED +CVE-2021-0791 + RESERVED +CVE-2021-0790 + RESERVED +CVE-2021-0789 + RESERVED +CVE-2021-0788 + RESERVED +CVE-2021-0787 + RESERVED +CVE-2021-0786 + RESERVED +CVE-2021-0785 + RESERVED +CVE-2021-0784 + RESERVED +CVE-2021-0783 + RESERVED +CVE-2021-0782 + RESERVED +CVE-2021-0781 + RESERVED +CVE-2021-0780 + RESERVED +CVE-2021-0779 + RESERVED +CVE-2021-0778 + RESERVED +CVE-2021-0777 + RESERVED +CVE-2021-0776 + RESERVED +CVE-2021-0775 + RESERVED +CVE-2021-0774 + RESERVED +CVE-2021-0773 + RESERVED +CVE-2021-0772 + RESERVED +CVE-2021-0771 + RESERVED +CVE-2021-0770 + RESERVED +CVE-2021-0769 (In onCreate of AllowBindAppWidgetActivity.java, there is a possible by ...) 
+ NOT-FOR-US: Android +CVE-2021-0768 + RESERVED +CVE-2021-0767 + RESERVED +CVE-2021-0766 + RESERVED +CVE-2021-0765 + RESERVED +CVE-2021-0764 + RESERVED +CVE-2021-0763 + RESERVED +CVE-2021-0762 + RESERVED +CVE-2021-0761 + RESERVED +CVE-2021-0760 + RESERVED +CVE-2021-0759 + RESERVED +CVE-2021-0758 + RESERVED +CVE-2021-0757 + RESERVED +CVE-2021-0756 + RESERVED +CVE-2021-0755 + RESERVED +CVE-2021-0754 + RESERVED +CVE-2021-0753 + RESERVED +CVE-2021-0752 + RESERVED +CVE-2021-0751 + RESERVED +CVE-2021-0750 + RESERVED +CVE-2021-0749 + RESERVED +CVE-2021-0748 + RESERVED +CVE-2021-0747 + RESERVED +CVE-2021-0746 + RESERVED +CVE-2021-0745 + RESERVED +CVE-2021-0744 + RESERVED +CVE-2021-0743 + RESERVED +CVE-2021-0742 + RESERVED +CVE-2021-0741 + RESERVED +CVE-2021-0740 + RESERVED +CVE-2021-0739 + RESERVED +CVE-2021-0738 + RESERVED +CVE-2021-0737 + RESERVED +CVE-2021-0736 + RESERVED +CVE-2021-0735 + RESERVED +CVE-2021-0734 + RESERVED +CVE-2021-0733 + RESERVED +CVE-2021-0732 + RESERVED +CVE-2021-0731 + RESERVED +CVE-2021-0730 + RESERVED +CVE-2021-0729 + RESERVED +CVE-2021-0728 + RESERVED +CVE-2021-0727 + RESERVED +CVE-2021-0726 + RESERVED +CVE-2021-0725 + RESERVED +CVE-2021-0724 + RESERVED +CVE-2021-0723 + RESERVED +CVE-2021-0722 + RESERVED +CVE-2021-0721 + RESERVED +CVE-2021-0720 + RESERVED +CVE-2021-0719 + RESERVED +CVE-2021-0718 + RESERVED +CVE-2021-0717 + RESERVED +CVE-2021-0716 + RESERVED +CVE-2021-0715 + RESERVED +CVE-2021-0714 + RESERVED +CVE-2021-0713 + RESERVED +CVE-2021-0712 + RESERVED +CVE-2021-0711 + RESERVED +CVE-2021-0710 + RESERVED +CVE-2021-0709 + RESERVED +CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0707 + RESERVED +CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible way t ...) + NOT-FOR-US: Android +CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...) 
+ NOT-FOR-US: Android +CVE-2021-0704 (In createNoCredentialsPermissionNotification and related functions of ...) + NOT-FOR-US: Android +CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...) + NOT-FOR-US: Android +CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...) + NOT-FOR-US: Android +CVE-2021-0701 + RESERVED +CVE-2021-0700 + RESERVED +CVE-2021-0699 + RESERVED +CVE-2021-0698 + RESERVED +CVE-2021-0697 + RESERVED +CVE-2021-0696 + RESERVED +CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...) + - linux <not-affected> (Android-specific xt_qtaguid code) + NOTE: https://source.android.com/security/bulletin/2021-09-01 +CVE-2021-0694 + RESERVED +CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...) + NOT-FOR-US: Android +CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0691 (In the SELinux policy configured in system_app.te, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0690 (In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a pos ...) + NOT-FOR-US: Android media framework +CVE-2021-0689 (In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out ...) + NOT-FOR-US: Android media framework +CVE-2021-0688 (In lockNow of PhoneWindowManager.java, there is a possible lock screen ...) + NOT-FOR-US: Android +CVE-2021-0687 (In ellipsize of Layout.java, there is a possible ANR due to improper i ...) + NOT-FOR-US: Android +CVE-2021-0686 (In getDefaultSmsPackage of RoleManagerService.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0685 (In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parc ...) + NOT-FOR-US: Android +CVE-2021-0684 (In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible ...) 
+ NOT-FOR-US: Android +CVE-2021-0683 (In runTraceIpcStop of ActivityManagerShellCommand.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0682 (In sendAccessibilityEvent of NotificationManagerService.java, there is ...) + NOT-FOR-US: Android +CVE-2021-0681 (In system properties, there is a possible information disclosure due t ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...) + NOT-FOR-US: Mediatek +CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...) + NOT-FOR-US: Mediatek +CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...) + NOT-FOR-US: Mediatek +CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...) + NOT-FOR-US: Mediatek +CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2021-0670 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0669 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0668 (In apusys, there is a possible memory corruption due to incorrect erro ...) 
+ NOT-FOR-US: Mediatek +CVE-2021-0667 (In apusys, there is a possible memory corruption due to a use after fr ...) + NOT-FOR-US: Mediatek +CVE-2021-0666 (In apusys, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2021-0665 (In apusys, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2021-0664 (In ccu, there is a possible memory corruption due to a use after free. ...) + NOT-FOR-US: Mediatek +CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: Mediatek +CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: Mediatek +CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: Mediatek +CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...) + NOT-FOR-US: Mediatek +CVE-2021-0659 (In apusys, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2021-0658 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2021-0657 (In apusys, there is a possible out of bounds write due to a stack-base ...) + NOT-FOR-US: Mediatek +CVE-2021-0656 (In edma driver, there is a possible memory corruption due to a use aft ...) + NOT-FOR-US: Mediatek +CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to an inc ...) + NOT-FOR-US: Mediatek +CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...) + NOT-FOR-US: Android +CVE-2021-0653 (In enqueueNotification of NetworkPolicyManagerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...) 
+ NOT-FOR-US: Android +CVE-2021-0650 (In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of ...) + NOT-FOR-US: Android media framework +CVE-2021-0649 (In stopVpnProfile of Vpn.java, there is a possible VPN profile reset d ...) + NOT-FOR-US: Android +CVE-2021-0648 + RESERVED +CVE-2021-0647 + RESERVED +CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0644 (In conditionallyRemoveIdentifiers of SubscriptionController.java, ther ...) + NOT-FOR-US: Android +CVE-2021-0643 (In getAllSubInfoList of SubscriptionController.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...) + NOT-FOR-US: Android +CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...) + NOT-FOR-US: Widevine +CVE-2021-0638 + RESERVED +CVE-2021-0637 + RESERVED +CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is dama ...) + NOT-FOR-US: UniSoc components for Android +CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...) + NOT-FOR-US: UniSoc components for Android +CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...) + NOT-FOR-US: Mediatek +CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...) + NOT-FOR-US: Mediatek +CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: Mediatek +CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...) 
+ NOT-FOR-US: Mediatek +CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2021-0629 (In mdlactl driver, there is a possible memory corruption due to a use ...) + NOT-FOR-US: Mediatek +CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...) + NOT-FOR-US: Mediatek +CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...) + NOT-FOR-US: Mediatek +CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...) + NOT-FOR-US: Mediatek +CVE-2021-0624 (In flv extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0623 (In asf extractor, there is a possible out of bounds read due to an int ...) + NOT-FOR-US: Mediatek +CVE-2021-0622 (In asf extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0621 (In asf extractor, there is a possible out of bounds read due to an int ...) + NOT-FOR-US: Mediatek +CVE-2021-0620 (In asf extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0619 (In ape extractor, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Mediatek +CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...) + NOT-FOR-US: Mediatek +CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...) 
+ NOT-FOR-US: Mediatek +CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...) + NOT-FOR-US: Mediatek +CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...) + NOT-FOR-US: Mediatek +CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...) + NOT-FOR-US: Mediatek +CVE-2021-0610 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: Mediatek +CVE-2021-0609 + RESERVED +CVE-2021-0608 (In handleAppLaunch of AppLaunchActivity.java, there is a possible arbi ...) + NOT-FOR-US: Pixel +CVE-2021-0607 (In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware p ...) + NOT-FOR-US: Pixel +CVE-2021-0606 (In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use ...) + - linux <not-affected> (Vulnerability specific to 4.14.y backporting) + NOTE: https://source.android.com/security/bulletin/pixel/2021-06-01 +CVE-2021-0605 (In pfkey_dump of af_key.c, there is a possible out-of-bounds read due ...) + - linux 5.8.7-1 + [buster] - linux 4.19.152-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac +CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android media framework +CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to mislead ...) + NOT-FOR-US: Android +CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a possib ...) 
+ NOT-FOR-US: Android +CVE-2021-0598 (In onCreate of ConfirmConnectActivity.java, there is a possible pairin ...) + NOT-FOR-US: Android +CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of SipService.java, the ...) + NOT-FOR-US: Android +CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0595 (In lockAllProfileTasks of RootWindowContainer.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...) + NOT-FOR-US: Android +CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...) + NOT-FOR-US: Widevine +CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...) + NOT-FOR-US: Android +CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible ...) + NOT-FOR-US: Android media framework +CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way to t ...) + NOT-FOR-US: Android +CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...) + NOT-FOR-US: Android +CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...) 
+ NOT-FOR-US: MediaTek components for Android +CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0575 + RESERVED +CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...) + NOT-FOR-US: Android +CVE-2021-0571 (In ActivityTaskManagerService.startActivity() and AppTaskImpl.startAct ...) + NOT-FOR-US: Android +CVE-2021-0570 (In sendBugreportNotification of BugreportProgressService.java, there i ...) + NOT-FOR-US: Android +CVE-2021-0569 (In onStart of ContactsDumpActivity.java, there is possible access to c ...) + NOT-FOR-US: Android +CVE-2021-0568 (In onReceive of DevicePolicyManagerService.java, there is a possible e ...) + NOT-FOR-US: Android +CVE-2021-0567 (In isRestricted of RemoteViews.java, there is a possible way to inject ...) + NOT-FOR-US: Android +CVE-2021-0566 (In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of ...) 
+ NOT-FOR-US: Android media framework +CVE-2021-0565 (In wrapUserThread of AudioStream.cpp, there is a possible use after fr ...) + NOT-FOR-US: Android media framework +CVE-2021-0564 (In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due ...) + NOT-FOR-US: Android media framework +CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a poss ...) + NOT-FOR-US: Android media framework +CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android media framework +CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a ...) + NOT-FOR-US: Android media framework +CVE-2021-0560 + RESERVED +CVE-2021-0559 (In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due ...) + NOT-FOR-US: Android media framework +CVE-2021-0558 (In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out ...) + NOT-FOR-US: Android media framework +CVE-2021-0557 (In setRange of ABuffer.cpp, there is a possible out of bounds write du ...) + NOT-FOR-US: Android media framework +CVE-2021-0556 (In getBlockSum of fastcodemb.cpp, there is a possible out of bounds re ...) + NOT-FOR-US: Android media framework +CVE-2021-0555 (In RenderStruct of protostream_objectsource.cc, there is a possible cr ...) + NOT-FOR-US: Android +CVE-2021-0554 (In isBackupServiceActive of BackupManagerService.java, there is a miss ...) + NOT-FOR-US: Android +CVE-2021-0553 (In onBindViewHolder of AppSwitchPreference.java, there is a possible b ...) + NOT-FOR-US: Android +CVE-2021-0552 (In getEndItemSliceAction of MediaOutputSlice.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0551 (In bind of MediaControlPanel.java, there is a possible way to lock up ...) + NOT-FOR-US: Android +CVE-2021-0550 (In onLoadFailed of AnnotateActivity.java, there is a possible way to g ...) 
+ NOT-FOR-US: Android +CVE-2021-0549 (In sspRequestCallback of BondStateMachine.java, there is a possible le ...) + NOT-FOR-US: Android +CVE-2021-0548 (In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2021-0547 (In onReceive of NetInitiatedActivity.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-0546 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0545 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0544 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0543 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0542 (In updateNotification of BeamTransferManager.java, there is a missing ...) + NOT-FOR-US: Android +CVE-2021-0541 (In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there i ...) + NOT-FOR-US: Android +CVE-2021-0540 (In halWrapperDataCallback of hal_wrapper.cc, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2021-0539 (In archiveStoredConversation of MmsService.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-0538 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0537 (In onCreate of WiFiInstaller.java, there is a possible way to install ...) + NOT-FOR-US: Android +CVE-2021-0536 (In dropFile of WiFiInstaller, there is a way to delete files accessibl ...) + NOT-FOR-US: Android +CVE-2021-0535 (In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0534 (In permission declarations of DeviceAdminReceiver.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0533 (In memory management driver, there is a possible memory corruption due ...) 
+ NOT-FOR-US: MediaTek components for Android +CVE-2021-0532 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0531 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0530 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0529 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0528 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0527 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0526 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...) + NOT-FOR-US: Android +CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...) + NOT-FOR-US: Android +CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible inform ...) + NOT-FOR-US: Android +CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...) + NOT-FOR-US: Android media framework +CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...) + NOT-FOR-US: Google Play +CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...) 
+ NOT-FOR-US: Android +CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0514 (In several functions of the V8 library, there is a possible use after ...) + NOT-FOR-US: Android +CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...) + NOT-FOR-US: Android +CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...) + {DLA-2689-1} + - linux 5.10.19-1 + [buster] - linux 4.19.181-1 + NOTE: https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f +CVE-2021-0511 (In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode i ...) + NOT-FOR-US: Android +CVE-2021-0510 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android media framework +CVE-2021-0509 (In various functions of CryptoPlugin.cpp, there is a possible use afte ...) + NOT-FOR-US: Android media framework +CVE-2021-0508 (In various functions of DrmPlugin.cpp, there is a possible use after f ...) + NOT-FOR-US: Android media framework +CVE-2021-0507 (In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2021-0506 (In ActivityPicker.java, there is a possible bypass of user interaction ...) + NOT-FOR-US: Android +CVE-2021-0505 (In the Settings app, there is a possible way to disable an always-on V ...) + NOT-FOR-US: Android +CVE-2021-0504 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...) 
+ NOT-FOR-US: Android +CVE-2021-0503 + RESERVED +CVE-2021-0502 + RESERVED +CVE-2021-0501 + RESERVED +CVE-2021-0500 + RESERVED +CVE-2021-0499 + RESERVED +CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...) + NOT-FOR-US: Android +CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, there is p ...) + NOT-FOR-US: Android +CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...) 
+ NOT-FOR-US: Android +CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...) + NOT-FOR-US: Android media framework +CVE-2021-0483 (In multiple methods of AAudioService, there is a possible use-after-fr ...) + NOT-FOR-US: Android media framework +CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...) + NOT-FOR-US: Android media framework +CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...) + NOT-FOR-US: Android +CVE-2021-0479 + RESERVED +CVE-2021-0478 (In updateDrawable of StatusBarIconView.java, there is a possible permi ...) + NOT-FOR-US: Android +CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...) + NOT-FOR-US: Android +CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...) + NOT-FOR-US: Android +CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...) + NOT-FOR-US: Android +CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...) + NOT-FOR-US: Android +CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...) + NOT-FOR-US: Android +CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android media framework +CVE-2021-0470 + RESERVED +CVE-2021-0469 + RESERVED +CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write due to ...) + NOT-FOR-US: AMLogic +CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...) 
+ NOT-FOR-US: Android +CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0464 (In sound_trigger_event_alloc of platform.h, there is a possible out of ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0463 (In convertToHidl of convert.cpp, there is a possible out of bounds rea ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0462 (In the NXP NFC firmware, there is a possible insecure firmware update ...) + NOT-FOR-US: NXP NFC firmware as used in Android/Pixel +CVE-2021-0461 (In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possib ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0460 (In the FingerTipS touch screen driver, there is a possible out of boun ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0459 (In fts_driver_test_write of fts_proc.c, there is a possible out of bou ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0458 (In the FingerTipS touch screen driver, there is a possible out of boun ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0457 (In the FingerTipS touch screen driver, there is a possible out of boun ...) + NOT-FOR-US: Android/Pixel kernel component not in mainline +CVE-2021-0456 (In the Citadel chip firmware, there is a possible out of bounds write ...) + NOT-FOR-US: Citadel chip firmware as used in Android/Pixel +CVE-2021-0455 (In the Citadel chip firmware, there is a possible out of bounds write ...) + NOT-FOR-US: Citadel chip firmware as used in Android/Pixel +CVE-2021-0454 (In the Citadel chip firmware, there is a possible out of bounds write ...) + NOT-FOR-US: Citadel chip firmware as used in Android/Pixel +CVE-2021-0453 (In the Titan-M chip firmware, there is a possible disclosure of stack ...) 
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel +CVE-2021-0452 (In the Titan M chip firmware, there is a possible disclosure of stack ...) + NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel +CVE-2021-0451 (In the Titan M chip firmware, there is a possible disclosure of stack ...) + NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel +CVE-2021-0450 (In the Titan M chip firmware, there is a possible disclosure of stack ...) + NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel +CVE-2021-0449 (In the Titan M chip firmware, there is a possible disclosure of stack ...) + NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel +CVE-2021-0448 + RESERVED +CVE-2021-0447 + RESERVED + - linux 4.15.4-1 + [stretch] - linux 4.9.228-1 +CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...) + NOT-FOR-US: Android +CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...) + NOT-FOR-US: Android +CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...) + NOT-FOR-US: Android +CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...) + NOT-FOR-US: Android +CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...) + NOT-FOR-US: Android +CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible permission ...) + NOT-FOR-US: Android +CVE-2021-0440 + RESERVED +CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...) + NOT-FOR-US: Android +CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...) + NOT-FOR-US: Android +CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...) + NOT-FOR-US: Android media framework +CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) 
+ NOT-FOR-US: Android media framework +CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...) + NOT-FOR-US: Android +CVE-2021-0434 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...) + NOT-FOR-US: Android +CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...) + NOT-FOR-US: Android +CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...) + NOT-FOR-US: Android +CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...) + NOT-FOR-US: Android +CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0425 (In memory management driver, there is a possible side channel informat ...) + NOT-FOR-US: Mediatek +CVE-2021-0424 (In memory management driver, there is a possible system crash due to a ...) + NOT-FOR-US: Mediatek +CVE-2021-0423 (In memory management driver, there is a possible information disclosur ...) + NOT-FOR-US: Mediatek +CVE-2021-0422 (In memory management driver, there is a possible system crash due to a ...) + NOT-FOR-US: Mediatek +CVE-2021-0421 (In memory management driver, there is a possible information disclosur ...) + NOT-FOR-US: Mediatek +CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...) + NOT-FOR-US: Mediatek +CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...) 
+ NOT-FOR-US: Mediatek +CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...) + NOT-FOR-US: Mediatek +CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...) + NOT-FOR-US: Mediatek +CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...) + NOT-FOR-US: Mediatek +CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...) + NOT-FOR-US: Mediatek +CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...) + NOT-FOR-US: Mediatek +CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Mediatek +CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Mediatek +CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...) + NOT-FOR-US: Mediatek +CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...) + NOT-FOR-US: Mediatek +CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...) + NOT-FOR-US: Mediatek +CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...) + NOT-FOR-US: Mediatek +CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...) + NOT-FOR-US: Mediatek +CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...) + NOT-FOR-US: MediaTek +CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...) + NOT-FOR-US: MediaTek +CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...) 
+ NOT-FOR-US: MediaTek +CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...) + NOT-FOR-US: Android +CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...) + - linux <not-affected> (Android-specific xt_qtaguid code) + NOTE: https://source.android.com/security/bulletin/2021-03-01 +CVE-2021-0398 (In bindServiceLocked of ActiveServices.java, there is a possible foreg ...) + NOT-FOR-US: Android +CVE-2021-0397 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system c ...) + NOT-FOR-US: Android +CVE-2021-0396 (In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc an ...) + NOT-FOR-US: Android +CVE-2021-0395 (In StopServicesAndLogViolations of reboot.cpp, there is possible memor ...) + NOT-FOR-US: Android +CVE-2021-0394 (In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2021-0393 (In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-0392 (In main of main.cpp, there is a possible memory corruption due to a do ...) + NOT-FOR-US: Android +CVE-2021-0391 (In onCreate() of ChooseTypeAndAccountActivity.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2021-0390 (In various methods of WifiNetworkSuggestionsManager.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0389 (In setNightModeActivated of UiModeManagerService.java, there is a miss ...) + NOT-FOR-US: Android +CVE-2021-0388 (In onReceive of ImsPhoneCallTracker.java, there is a possible misattri ...) + NOT-FOR-US: Android +CVE-2021-0387 (In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-a ...) + NOT-FOR-US: Android +CVE-2021-0386 (In onCreate of UsbConfirmActivity, there is a possible tapjacking vect ...) 
+ NOT-FOR-US: Android +CVE-2021-0385 (In createConnectToAvailableNetworkNotification of ConnectToNetworkNoti ...) + NOT-FOR-US: Android +CVE-2021-0384 + REJECTED +CVE-2021-0383 (In done of CaptivePortalLoginActivity.java, there is a confused deputy ...) + NOT-FOR-US: Android +CVE-2021-0382 (In checkSlicePermission of SliceManagerService.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0381 (In updateNotifications of DeviceStorageMonitorService.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-0380 (In onReceive of DcTracker.java, there is a possible way to trigger a p ...) + NOT-FOR-US: Android +CVE-2021-0379 (In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android media framework +CVE-2021-0378 (In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds re ...) + NOT-FOR-US: Android media framework +CVE-2021-0377 (In DeltaPerformer::Write of delta_performer.cc, there is a possible us ...) + NOT-FOR-US: Android +CVE-2021-0376 (In checkUriPermission and related functions of MediaProvider.java, the ...) + NOT-FOR-US: Android +CVE-2021-0375 (In onPackageModified of VoiceInteractionManagerService.java, there is ...) + NOT-FOR-US: Android +CVE-2021-0374 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...) + NOT-FOR-US: Android media framework +CVE-2021-0373 + RESERVED +CVE-2021-0372 (In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2021-0371 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2021-0370 (In Write of NxpMfcReader.cc, there is a possible out of bounds write d ...) + NOT-FOR-US: Android +CVE-2021-0369 (In CrossProfileAppsServiceImpl.java, there is the possibility of an ap ...) + NOT-FOR-US: Android +CVE-2021-0368 (In oggpack_look of bitwise.c, there is a possible out of bounds read d ...) 
+ NOT-FOR-US: Android media framework +CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...) 
+ NOT-FOR-US: Mediatek components for Android +CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0351 (In wlan driver, there is a possible system crash due to a missing boun ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0350 (In ged, there is a possible system crash due to an improper input vali ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0349 (In display driver, there is a possible memory corruption due to a use ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0348 (In vpu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0347 (In ccu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0346 (In vpu, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0345 (In mobile_log_d, there is a possible escalation of privilege due to im ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0344 (In mtkpower, there is a possible memory corruption due to a missing bo ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0343 (In kisd, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek components for Android +CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due to a ...) + - linux 5.7.6-1 + [buster] - linux 4.19.131-1 + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f +CVE-2021-0341 (In verifyHostName of OkHostnameVerifier.java, there is a possible way ...) 
+ NOT-FOR-US: Android +CVE-2021-0340 (In parseNextBox of IsoInterface.java, there is a possible leak of unre ...) + NOT-FOR-US: Android +CVE-2021-0339 (In loadAnimation of WindowContainer.java, there is a possible way to k ...) + NOT-FOR-US: Android +CVE-2021-0338 (In SystemSettingsValidators, there is a possible permanent denial of s ...) + NOT-FOR-US: Android +CVE-2021-0337 (In moveInMediaStore of FileSystemProvider.java, there is a possible fi ...) + NOT-FOR-US: Android +CVE-2021-0336 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...) + NOT-FOR-US: Android +CVE-2021-0335 (In process of C2SoftHevcDec.cpp, there is a possible out of bounds wri ...) + NOT-FOR-US: Android media framework +CVE-2021-0334 (In onTargetSelected of ResolverActivity.java, there is a possible sett ...) + NOT-FOR-US: Android +CVE-2021-0333 (In onCreate of BluetoothPermissionActivity.java, there is a possible p ...) + NOT-FOR-US: Android +CVE-2021-0332 (In bootFinished of SurfaceFlinger.cpp, there is a possible memory corr ...) + NOT-FOR-US: Android media framework +CVE-2021-0331 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...) + NOT-FOR-US: Android +CVE-2021-0330 (In add_user_ce and remove_user_ce of storaged.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-0329 (In several native functions called by AdvertiseManager.java, there is ...) + NOT-FOR-US: Android +CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, there ...) + NOT-FOR-US: Android +CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...) + NOT-FOR-US: Android +CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...) 
+ {DSA-4898-1 DLA-2572-1} + - wpa 2:2.9.0-17 (bug #981971) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4 + NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt + NOTE: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch + NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e +CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...) + NOT-FOR-US: Android media framework +CVE-2021-0324 (Product: AndroidVersions: Android SoCAndroid ID: A-175402462 ...) + NOT-FOR-US: UniSoc components for Android +CVE-2021-0323 + RESERVED + NOTE: Duplicate for CVE-2020-10767, clarification with Android security team pending +CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a possible misle ...) + NOT-FOR-US: Android +CVE-2021-0321 (In enforceDumpPermissionForPackage of ActivityManagerService.java, the ...) + NOT-FOR-US: Android +CVE-2021-0320 (In is_device_locked and set_device_locked of keystore_keymaster_enforc ...) + NOT-FOR-US: Android +CVE-2021-0319 (In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there ...) + NOT-FOR-US: Android +CVE-2021-0318 (In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2021-0317 (In createOrUpdate of Permission.java and related code, there is possib ...) + NOT-FOR-US: Android +CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-0314 (In onCreate of UninstallerActivity, there is a possible way to uninsta ...) + NOT-FOR-US: Android +CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slo ...) 
+ NOT-FOR-US: Android +CVE-2021-0312 (In WAVSource::read of WAVExtractor.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android media framework +CVE-2021-0311 (In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, ther ...) + NOT-FOR-US: Android media framework +CVE-2021-0310 (In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a confused ...) + NOT-FOR-US: Android +CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds ...) + {DLA-2549-1} + - gdisk 1.0.6-1 + [buster] - gdisk <no-dsa> (Minor issue) + NOTE: https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29 + NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5 +CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java, the ...) + NOT-FOR-US: Android +CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2021-0305 (In PackageInstaller, there is a possible tapjacking attack due to an i ...) + NOT-FOR-US: Android +CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a possible per ...) + NOT-FOR-US: Android +CVE-2021-0303 (In dispatchGraphTerminationMessage() of packages/services/Car/computep ...) + NOT-FOR-US: Android +CVE-2021-0302 (In PackageInstaller, there is a possible tapjacking attack due to an i ...) + NOT-FOR-US: Android +CVE-2021-0301 (In ged, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek components for Android +CVE-2021-0300 + RESERVED +CVE-2021-0299 (An Improper Handling of Exceptional Conditions vulnerability in the pr ...) + NOT-FOR-US: Juniper +CVE-2021-0298 (A Race Condition in the 'show chassis pic' command in Juniper Networks ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0297 (A vulnerability in the processing of TCP MD5 authentication in Juniper ...) + NOT-FOR-US: Juniper +CVE-2021-0296 (The Juniper Networks CTPView server is not enforcing HTTP Strict Trans ...) + NOT-FOR-US: Juniper +CVE-2021-0295 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...) + NOT-FOR-US: Juniper +CVE-2021-0294 (A vulnerability in Juniper Networks Junos OS, which only affects the r ...) + NOT-FOR-US: Juniper +CVE-2021-0293 (A vulnerability in Juniper Networks Junos OS caused by Missing Release ...) + NOT-FOR-US: Juniper +CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP daemon ( ...) + NOT-FOR-US: Juniper +CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet interface fram ...) + NOT-FOR-US: Juniper +CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one or more ...) + NOT-FOR-US: Juniper +CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in Juniper ...) + NOT-FOR-US: Juniper +CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Netwo ...) + NOT-FOR-US: Juniper +CVE-2021-0286 (A vulnerability in the handling of exceptional conditions in Juniper N ...) + NOT-FOR-US: Juniper +CVE-2021-0285 (An uncontrolled resource consumption vulnerability in Juniper Networks ...) + NOT-FOR-US: Juniper +CVE-2021-0284 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-0283 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-0282 (On Juniper Networks Junos OS devices with Multipath or add-path featur ...) + NOT-FOR-US: Juniper +CVE-2021-0281 (On Juniper Networks Junos OS devices configured with BGP origin valida ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0280 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...) + NOT-FOR-US: Juniper +CVE-2021-0279 (Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have Rab ...) + NOT-FOR-US: Juniper +CVE-2021-0278 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-0277 (An Out-of-bounds Read vulnerability in the processing of specially cra ...) + NOT-FOR-US: Juniper +CVE-2021-0276 (A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Ca ...) + NOT-FOR-US: Juniper +CVE-2021-0275 (A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-0274 + RESERVED +CVE-2021-0273 (An always-incorrect control flow implementation in the implicit filter ...) + NOT-FOR-US: Juniper +CVE-2021-0272 (A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX1 ...) + NOT-FOR-US: Juniper +CVE-2021-0271 (A Double Free vulnerability in the software forwarding interface daemo ...) + NOT-FOR-US: Juniper +CVE-2021-0270 (On PTX Series and QFX10k Series devices with the "inline-jflow" featur ...) + NOT-FOR-US: Juniper +CVE-2021-0269 (The improper handling of client-side parameters in J-Web of Juniper Ne ...) + NOT-FOR-US: Juniper +CVE-2021-0268 (An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Re ...) + NOT-FOR-US: Juniper +CVE-2021-0267 (An Improper Input Validation vulnerability in the active-lease query p ...) + NOT-FOR-US: Juniper +CVE-2021-0266 (The use of multiple hard-coded cryptographic keys in cSRX Series softw ...) + NOT-FOR-US: Juniper +CVE-2021-0265 (An unvalidated REST API in the AppFormix Agent of Juniper Networks App ...) + NOT-FOR-US: Juniper +CVE-2021-0264 (A vulnerability in the processing of traffic matching a firewall filte ...) + NOT-FOR-US: Juniper +CVE-2021-0263 (A Data Processing vulnerability in the Multi-Service process (multi-sv ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0262 (Through routine static code analysis of the Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2021-0261 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...) + NOT-FOR-US: Juniper +CVE-2021-0260 (An improper authorization vulnerability in the Simple Network Manageme ...) + NOT-FOR-US: Juniper +CVE-2021-0259 (Due to a vulnerability in DDoS protection in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2021-0258 (A vulnerability in the forwarding of transit TCPv6 packets received on ...) + NOT-FOR-US: Juniper +CVE-2021-0257 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...) + NOT-FOR-US: Juniper +CVE-2021-0256 (A sensitive information disclosure vulnerability in the mosquitto mess ...) + NOT-FOR-US: Juniper +CVE-2021-0255 (A local privilege escalation vulnerability in ethtraceroute of Juniper ...) + NOT-FOR-US: Juniper +CVE-2021-0254 (A buffer size validation vulnerability in the overlayd service of Juni ...) + NOT-FOR-US: Juniper +CVE-2021-0253 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...) + NOT-FOR-US: Juniper +CVE-2021-0252 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...) + NOT-FOR-US: Juniper +CVE-2021-0251 (A NULL Pointer Dereference vulnerability in the Captive Portal Content ...) + NOT-FOR-US: Juniper +CVE-2021-0250 (In segment routing traffic engineering (SRTE) environments where the B ...) + NOT-FOR-US: Juniper +CVE-2021-0249 (On SRX Series devices configured with UTM services a buffer overflow v ...) + NOT-FOR-US: Juniper +CVE-2021-0248 (This issue is not applicable to NFX NextGen Software. On NFX Series de ...) + NOT-FOR-US: Juniper +CVE-2021-0247 (A Race Condition (Concurrent Execution using Shared Resource with Impr ...) + NOT-FOR-US: Juniper +CVE-2021-0246 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0245 (A Use of Hard-coded Credentials vulnerability in Juniper Networks Juno ...) + NOT-FOR-US: Juniper +CVE-2021-0244 (A signal handler race condition exists in the Layer 2 Address Learning ...) + NOT-FOR-US: Juniper +CVE-2021-0243 (Improper Handling of Unexpected Data in the firewall policer of Junipe ...) + NOT-FOR-US: Juniper +CVE-2021-0242 (A vulnerability due to the improper handling of direct memory access ( ...) + NOT-FOR-US: Juniper +CVE-2021-0241 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...) + NOT-FOR-US: Juniper +CVE-2021-0240 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...) + NOT-FOR-US: Juniper +CVE-2021-0239 (In Juniper Networks Junos OS Evolved, receipt of a stream of specific ...) + NOT-FOR-US: Juniper +CVE-2021-0238 (When a MX Series is configured as a Broadband Network Gateway (BNG) ba ...) + NOT-FOR-US: Juniper +CVE-2021-0237 (On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QF ...) + NOT-FOR-US: Juniper +CVE-2021-0236 (Due to an improper check for unusual or exceptional conditions in Juni ...) + NOT-FOR-US: Juniper +CVE-2021-0235 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...) + NOT-FOR-US: Juniper +CVE-2021-0234 (Due to an improper Initialization vulnerability on Juniper Networks Ju ...) + NOT-FOR-US: Juniper +CVE-2021-0233 (A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Se ...) + NOT-FOR-US: Juniper +CVE-2021-0232 (An authentication bypass vulnerability in the Juniper Networks Paragon ...) + NOT-FOR-US: Juniper +CVE-2021-0231 (A path traversal vulnerability in the Juniper Networks SRX and vSRX Se ...) + NOT-FOR-US: Juniper +CVE-2021-0230 (On Juniper Networks SRX Series devices with link aggregation (lag) con ...) + NOT-FOR-US: Juniper +CVE-2021-0229 (An uncontrolled resource consumption vulnerability in Message Queue Te ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0228 (An improper check for unusual or exceptional conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-0227 (An improper restriction of operations within the bounds of a memory bu ...) + NOT-FOR-US: Juniper +CVE-2021-0226 (On Juniper Networks Junos OS Evolved devices, receipt of a specific IP ...) + NOT-FOR-US: Juniper +CVE-2021-0225 (An Improper Check for Unusual or Exceptional Conditions in Juniper Net ...) + NOT-FOR-US: Juniper +CVE-2021-0224 (A vulnerability in the handling of internal resources necessary to bri ...) + NOT-FOR-US: Juniper +CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper ...) + NOT-FOR-US: Juniper +CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...) + NOT-FOR-US: Juniper +CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway ...) + NOT-FOR-US: Juniper +CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...) + NOT-FOR-US: Junos Space Network Management Platform +CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...) + NOT-FOR-US: Juniper +CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...) + NOT-FOR-US: Juniper +CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...) + NOT-FOR-US: Juniper +CVE-2021-0216 (A vulnerability in Juniper Networks Junos OS running on the ACX5448 an ...) + NOT-FOR-US: Juniper +CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series, MX Series and SRX bra ...) + NOT-FOR-US: Juniper +CVE-2021-0214 (A vulnerability in the distributed or centralized periodic packet mana ...) + NOT-FOR-US: Juniper +CVE-2021-0213 + RESERVED +CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...) + NOT-FOR-US: Juniper +CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...) 
+ NOT-FOR-US: Juniper +CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...) + NOT-FOR-US: Juniper +CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...) + NOT-FOR-US: Juniper +CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...) + NOT-FOR-US: Juniper +CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...) + NOT-FOR-US: Juniper +CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on ...) + NOT-FOR-US: Juniper +CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...) + NOT-FOR-US: Juniper +CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...) + NOT-FOR-US: Juniper +CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...) + NOT-FOR-US: Juniper +CVE-2021-0201 + RESERVED +CVE-2021-0200 (Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series C ...) + NOT-FOR-US: Intel +CVE-2021-0199 (Improper input validation in the firmware for the Intel(R) Ethernet Ne ...) + NOT-FOR-US: Intel +CVE-2021-0198 (Improper access control in the firmware for the Intel(R) Ethernet Netw ...) + NOT-FOR-US: Intel +CVE-2021-0197 (Protection mechanism failure in the firmware for the Intel(R) Ethernet ...) + NOT-FOR-US: Intel +CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9 ...) + NOT-FOR-US: Intel +CVE-2021-0195 + RESERVED +CVE-2021-0194 + RESERVED +CVE-2021-0193 + RESERVED +CVE-2021-0192 + RESERVED +CVE-2021-0191 + RESERVED +CVE-2021-0190 + RESERVED +CVE-2021-0189 + RESERVED +CVE-2021-0188 + RESERVED +CVE-2021-0187 + RESERVED +CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...) 
+ NOT-FOR-US: Intel +CVE-2021-0185 + RESERVED +CVE-2021-0184 + RESERVED +CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) + NOT-FOR-US: Intel Hardware Accelerated Execution Manager +CVE-2021-0181 + RESERVED +CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) + NOT-FOR-US: Intel Hardware Accelerated Execution Manager +CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) 
+ - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) 
+ - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...) 
+ - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...) + NOT-FOR-US: Intel +CVE-2021-0159 + RESERVED +CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + NOT-FOR-US: Intel +CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...) + NOT-FOR-US: Intel +CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...) + TODO: check +CVE-2021-0155 + RESERVED +CVE-2021-0154 + RESERVED +CVE-2021-0153 + RESERVED +CVE-2021-0152 (Improper verification of cryptographic signature in the installer for ...) + NOT-FOR-US: Intel +CVE-2021-0151 (Improper access control in the installer for some Intel(R) Wireless Bl ...) 
+ NOT-FOR-US: Intel +CVE-2021-0150 + RESERVED +CVE-2021-0149 + RESERVED +CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...) + NOT-FOR-US: Intel +CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...) + NOT-FOR-US: Intel +CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...) + - intel-microcode <unfixed> + [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release) + [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207 +CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...) + - intel-microcode <unfixed> + [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release) + [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html + NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html +CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...) + NOT-FOR-US: Intel +CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...) + NOT-FOR-US: Intel +CVE-2021-0142 + RESERVED +CVE-2021-0141 + RESERVED +CVE-2021-0140 + RESERVED +CVE-2021-0139 + RESERVED +CVE-2021-0138 + RESERVED +CVE-2021-0137 + RESERVED +CVE-2021-0136 + RESERVED +CVE-2021-0135 (Improper input validation in the Intel(R) Ethernet Diagnostic Driver f ...) 
+ NOT-FOR-US: Intel +CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library ...) + NOT-FOR-US: Intel +CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) Security Li ...) + NOT-FOR-US: Intel +CVE-2021-0132 (Missing release of resource after effective lifetime in an API for the ...) + NOT-FOR-US: Intel +CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator (PRNG) in ...) + NOT-FOR-US: Intel +CVE-2021-0130 + RESERVED +CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...) + {DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1} + - bluez 5.55-3.1 (bug #989614) + - linux 5.10.40-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738 + NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html +CVE-2021-0128 + RESERVED +CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...) + - intel-microcode <unfixed> + [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release) + [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207 +CVE-2021-0126 + RESERVED +CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0123 + RESERVED +CVE-2021-0122 + RESERVED +CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R) Xe ...) 
+ NOT-FOR-US: Intel +CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...) + NOT-FOR-US: Intel +CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...) + TODO: check +CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...) + TODO: check +CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...) + TODO: check +CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...) + TODO: check +CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...) + NOT-FOR-US: Intel +CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...) + NOT-FOR-US: Intel +CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...) + NOT-FOR-US: Intel +CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...) + TODO: check +CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...) + NOT-FOR-US: Intel +CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...) + NOT-FOR-US: Intel +CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...) + NOT-FOR-US: Intel +CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...) + TODO: check +CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...) + NOT-FOR-US: Intel +CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...) + NOT-FOR-US: Intel +CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...) + NOT-FOR-US: Intel +CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...) 
+ TODO: check +CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...) + NOT-FOR-US: Intel +CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...) + NOT-FOR-US: Intel +CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...) + NOT-FOR-US: Intel +CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...) + TODO: check +CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...) + NOT-FOR-US: Intel +CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...) + NOT-FOR-US: Intel +CVE-2021-0096 (Improper authentication in the software installer for the Intel(R) NUC ...) + NOT-FOR-US: Intel +CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...) + NOT-FOR-US: Intel +CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...) + NOT-FOR-US: Intel +CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...) + TODO: check +CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...) + TODO: check +CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...) + NOT-FOR-US: Intel +CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...) + {DSA-4931-1} + - xen 4.14.2+25-gb6a8c4f72d-1 + [stretch] - xen <end-of-life> (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-375.html + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html +CVE-2021-0088 + RESERVED +CVE-2021-0087 + RESERVED +CVE-2021-0086 (Observable response discrepancy in floating-point operations for some ...) 
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html + NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in + NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314"). + NOT-FOR-US: Intel +CVE-2021-0085 + RESERVED +CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X722 an ...) + NOT-FOR-US: Intel +CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...) + NOT-FOR-US: Intel +CVE-2021-0082 (Uncontrolled search path in software installer for Intel(R) PROSet/Wir ...) + NOT-FOR-US: Intel +CVE-2021-0081 + RESERVED +CVE-2021-0080 + RESERVED +CVE-2021-0079 (Improper input validation in software for some Intel(R) PROSet/Wireles ...) + NOT-FOR-US: Intel +CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wireles ...) + NOT-FOR-US: Intel +CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...) + NOT-FOR-US: Intel +CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...) + NOT-FOR-US: Intel +CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...) + NOT-FOR-US: Intel +CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...) + NOT-FOR-US: Intel +CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) 
+ - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + NOT-FOR-US: Intel +CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...) + NOT-FOR-US: Intel +CVE-2021-0069 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + NOT-FOR-US: Intel +CVE-2021-0068 + RESERVED +CVE-2021-0067 (&nbsp;Improper access control in system firmware for some Intel(R) ...) + NOT-FOR-US: Intel +CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) + - firmware-nonfree <unfixed> + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree +CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...) + NOT-FOR-US: Intel +CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...) + NOT-FOR-US: Intel +CVE-2021-0063 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) + NOT-FOR-US: Intel +CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...) + NOT-FOR-US: Intel drivers for Windows +CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...) + NOT-FOR-US: Intel drivers for Windows +CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...) + NOT-FOR-US: Intel +CVE-2021-0059 + RESERVED +CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...) + NOT-FOR-US: Intel +CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...) 
+ NOT-FOR-US: Intel +CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...) + NOT-FOR-US: Intel +CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...) + NOT-FOR-US: Intel +CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...) + NOT-FOR-US: Intel +CVE-2021-0053 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...) + NOT-FOR-US: Intel +CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...) + NOT-FOR-US: Intel +CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...) + NOT-FOR-US: Intel +CVE-2021-0050 + RESERVED +CVE-2021-0049 + RESERVED +CVE-2021-0048 + RESERVED +CVE-2021-0047 + RESERVED +CVE-2021-0046 + RESERVED +CVE-2021-0045 + RESERVED +CVE-2021-0044 + RESERVED +CVE-2021-0043 + RESERVED +CVE-2021-0042 + RESERVED +CVE-2021-0041 + RESERVED +CVE-2021-0040 + RESERVED +CVE-2021-0039 + RESERVED +CVE-2021-0038 + RESERVED +CVE-2021-0037 + RESERVED +CVE-2021-0036 + RESERVED +CVE-2021-0035 + RESERVED +CVE-2021-0034 + RESERVED +CVE-2021-0033 + RESERVED +CVE-2021-0032 + RESERVED +CVE-2021-0031 + RESERVED +CVE-2021-0030 + RESERVED +CVE-2021-0029 + RESERVED +CVE-2021-0028 + RESERVED +CVE-2021-0027 + RESERVED +CVE-2021-0026 + RESERVED +CVE-2021-0025 + RESERVED +CVE-2021-0024 + RESERVED +CVE-2021-0023 + RESERVED +CVE-2021-0022 + RESERVED +CVE-2021-0021 + RESERVED +CVE-2021-0020 + RESERVED +CVE-2021-0019 + RESERVED +CVE-2021-0018 + RESERVED +CVE-2021-0017 + RESERVED +CVE-2021-0016 + RESERVED +CVE-2021-0015 + RESERVED +CVE-2021-0014 + RESERVED +CVE-2021-0013 (Improper input validation for Intel(R) EMA before version 1.5.0 may al ...) + NOT-FOR-US: Intel +CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...) 
+ NOT-FOR-US: Intel drivers for Windows +CVE-2021-0011 + RESERVED +CVE-2021-0010 + RESERVED +CVE-2021-0009 (Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 ...) + NOT-FOR-US: Intel +CVE-2021-0008 (Uncontrolled resource consumption in firmware for Intel(R) Ethernet Ad ...) + NOT-FOR-US: Intel +CVE-2021-0007 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...) + NOT-FOR-US: Intel +CVE-2021-0006 (Improper conditions check in firmware for Intel(R) Ethernet Adapters 8 ...) + NOT-FOR-US: Intel +CVE-2021-0005 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...) + NOT-FOR-US: Intel +CVE-2021-0004 (Improper buffer restrictions in the firmware of Intel(R) Ethernet Adap ...) + NOT-FOR-US: Intel +CVE-2021-0003 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...) + NOT-FOR-US: Intel +CVE-2021-0002 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...) + NOT-FOR-US: Intel +CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...) + NOT-FOR-US: Intel +CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...) 
+ {DLA-2623-1} + - qemu 1:5.2+dfsg-10 (bug #986795) + [buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1 + NOTE: New patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9 +CVE-2021-28375 (An issue was discovered in the Linux kernel through 5.11.6. fastrpc_in ...) + - linux 5.10.24-1 + [buster] - linux <not-affected> (Vulnerable code introduced later) + [stretch] - linux <not-affected> (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 (5.12-rc3) + NOTE: https://lore.kernel.org/stable/YD03ew7+6v0XPh6l@kroah.com |
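Review bot: In the CVE-2021-0086 entry the `NOT-FOR-US: Intel` status line is placed after the three NOTE lines, whereas every other entry in this region puts the status line directly under the CVE header, and the first NOTE ends in a dangling "in" ("... Cf. https://xenbits.xen.org/xsa/advisory-375.html in") with the sentence continuing on the next NOTE line; move the status line up and merge the two NOTE lines so the cross-reference reads as one sentence. Three smaller consistency issues in the same region: the buster lines for intel-microcode under CVE-2021-0146, CVE-2021-0145 and CVE-2021-0127 say "tendency point release" while the bullseye lines say "tendency to point release", so one of the two wordings should be used throughout; the CVE-2021-0067 description starts with a literal `&nbsp;` entity carried over from the upstream text, which will surface on the tracker pages unless stripped; and CVE-2021-0220 uses `NOT-FOR-US: Junos Space Network Management Platform` where the surrounding Juniper entries use the shorter `NOT-FOR-US: Juniper`. Finally, the triage state for the Intel processor firmware CVEs is thin: CVE-2021-0156, 0125, 0124, 0119, 0118, 0117, 0116, 0115, 0111, 0107, 0103, 0099, 0093, 0092 and 0091 carry only `TODO: check` with no package or status, and the roughly twenty firmware-nonfree entries pointing at intel-sa-00539 all repeat `- firmware-nonfree <unfixed>` plus the same "unclear in which firmware version fixed" TODO, so the tracker will list them as open in every suite until someone resolves the fixed version; it would be worth recording that research once (for example in the first such entry) and cross-referencing it rather than duplicating the TODO line per CVE.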